Filtered by vendor Openstack
Subscriptions
Total
259 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4111 | 3 Openstack, Opensuse, Redhat | 3 Python Glanceclient, Opensuse, Openstack | 2024-11-21 | N/A |
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
CVE-2013-2256 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | N/A |
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. | ||||
CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-11-21 | 5.9 Medium |
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | ||||
CVE-2013-2167 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Python-keystoneclient, Openstack | 2024-11-21 | 9.8 Critical |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | ||||
CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 9.8 Critical |
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | ||||
CVE-2013-2161 | 3 Openstack, Opensuse, Redhat | 5 Folsom, Grizzly, Havana and 2 more | 2024-11-21 | N/A |
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | ||||
CVE-2013-2157 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | ||||
CVE-2013-2104 | 2 Openstack, Redhat | 2 Python-keystoneclient, Openstack | 2024-11-21 | N/A |
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires. | ||||
CVE-2013-2096 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2024-11-21 | N/A |
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. | ||||
CVE-2013-2059 | 1 Openstack | 1 Keystone | 2024-11-21 | N/A |
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | ||||
CVE-2013-2030 | 1 Openstack | 4 Compute, Folsom, Grizzly and 1 more | 2024-11-21 | N/A |
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | ||||
CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2024-11-21 | N/A |
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | ||||
CVE-2013-2013 | 1 Openstack | 1 Python-keystoneclient | 2024-11-21 | N/A |
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2013-2006 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | ||||
CVE-2013-1977 | 1 Openstack | 1 Devstack | 2024-11-21 | N/A |
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | ||||
CVE-2013-1865 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Folsom, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | ||||
CVE-2013-1840 | 3 Amazon, Openstack, Redhat | 6 S3 Store, Essex, Folsom and 3 more | 2024-11-21 | N/A |
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | ||||
CVE-2013-1838 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2024-11-21 | N/A |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. | ||||
CVE-2013-1665 | 2 Openstack, Redhat | 3 Folsom, Keystone Essex, Openstack | 2024-11-21 | N/A |
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. | ||||
CVE-2013-1664 | 2 Openstack, Redhat | 7 Cinder Folsom, Compute \(nova\) Essex, Compute \(nova\) Folsom and 4 more | 2024-11-21 | N/A |
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. |