Search
Search Results (26 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5571 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | ||||
| CVE-2013-0261 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2025-04-11 | N/A |
| (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
| CVE-2013-1664 | 2 Openstack, Redhat | 7 Cinder Folsom, Compute \(nova\) Essex, Compute \(nova\) Folsom and 4 more | 2025-04-11 | N/A |
| The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. | ||||
| CVE-2013-1838 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2025-04-11 | N/A |
| OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. | ||||
| CVE-2013-4155 | 2 Openstack, Redhat | 5 Folsom, Grizzly, Havana and 2 more | 2025-04-11 | N/A |
| OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. | ||||
| CVE-2013-4261 | 2 Openstack, Redhat | 3 Folsom, Grizzly, Openstack | 2025-04-11 | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | ||||