Lucene search
+L

7 matches found

CVE
CVE
added 2013/08/20 10:0 p.m.111 views

CVE-2013-2161

OpenStack Swift (Folsom, Grizzly, Havana) is affected by CVE-2013-2161 due to an XML injection in the account/utils.py path that handles account names. The root cause is unchecked/unvalidated user input in XML responses, allowing attackers to trigger invalid or spoofed Swift responses. Remediatio...

7.5CVSS9.3AI score0.01894EPSS
CVE
CVE
added 2013/11/02 7:0 p.m.96 views

CVE-2013-4477

CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...

3.3CVSS6.3AI score0.00444EPSS
CVE
CVE
added 2013/07/09 5:0 p.m.89 views

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

2.1CVSS5.9AI score0.00383EPSS
CVE
CVE
added 2013/08/20 10:0 p.m.87 views

CVE-2013-4155

OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...

4CVSS6AI score0.01661EPSS
CVE
CVE
added 2013/11/02 6:0 p.m.81 views

CVE-2013-4469

CVE-2013-4469 affects OpenStack Nova (Folsom, Grizzly, Havana) where use_cow_images=False allows a local attacker to cause a DoS by transferring a QCOW2 image with a large virtual size but little data, because the code does not verify the image’s virtual size. Root cause noted as an incomplete fi...

1.9CVSS6AI score0.00438EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.77 views

CVE-2013-4463

OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...

2.1CVSS5.9AI score0.00368EPSS
CVE
CVE
added 2014/02/06 4:0 p.m.71 views

CVE-2013-7130

CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...

7.1CVSS6.2AI score0.02159EPSS