11 matches found
CVE-2013-2161
OpenStack Swift (Folsom, Grizzly, Havana) is affected by CVE-2013-2161 due to an XML injection in the account/utils.py path that handles account names. The root cause is unchecked/unvalidated user input in XML responses, allowing attackers to trigger invalid or spoofed Swift responses. Remediatio...
CVE-2013-4477
CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...
CVE-2013-2096
OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...
CVE-2013-4155
OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...
CVE-2013-4497
Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...
CVE-2013-4179
OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...
CVE-2013-4469
CVE-2013-4469 affects OpenStack Nova (Folsom, Grizzly, Havana) where use_cow_images=False allows a local attacker to cause a DoS by transferring a QCOW2 image with a large virtual size but little data, because the code does not verify the image’s virtual size. Root cause noted as an incomplete fi...
CVE-2013-6419
CVE-2013-6419 affects OpenStack Nova and Neutron. The vulnerability arises from an missing authorization check on the device ID bound to a port, allowing remote tenants to retrieve metadata by spoofing that device ID. Affected components include Nova’s api/metadata/handler.py and Neutron’s neutro...
CVE-2013-4463
OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...
CVE-2013-7130
CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...
CVE-2013-2030
CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...