Filtered by vendor Redhat Subscriptions
Filtered by product Openstack Subscriptions
Total 718 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-2166 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Python-keystoneclient and 1 more 2024-11-21 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2013-2161 3 Openstack, Opensuse, Redhat 5 Folsom, Grizzly, Havana and 2 more 2024-11-21 N/A
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
CVE-2013-2157 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
CVE-2013-2146 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2024-11-21 N/A
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.
CVE-2013-2128 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openstack 2024-11-21 5.5 Medium
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
CVE-2013-2121 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2024-11-21 N/A
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2013-2113 2 Redhat, Theforeman 2 Openstack, Foreman 2024-11-21 N/A
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
CVE-2013-2104 2 Openstack, Redhat 2 Python-keystoneclient, Openstack 2024-11-21 N/A
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
CVE-2013-2099 3 Canonical, Python, Redhat 8 Ubuntu Linux, Python, Openstack and 5 more 2024-11-21 N/A
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
CVE-2013-2029 1 Redhat 1 Openstack 2024-11-21 N/A
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
CVE-2013-2006 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
CVE-2013-1865 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Folsom, Openstack 2024-11-21 N/A
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-1848 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2024-11-21 N/A
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
CVE-2013-1840 3 Amazon, Openstack, Redhat 6 S3 Store, Essex, Folsom and 3 more 2024-11-21 N/A
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
CVE-2013-1838 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Essex, Folsom and 2 more 2024-11-21 N/A
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
CVE-2013-1815 1 Redhat 4 Openstack, Openstack Essex, Openstack Folsom and 1 more 2024-11-21 N/A
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
CVE-2013-1793 1 Redhat 2 Openstack, Openstack Essex 2024-11-21 7.5 High
openstack-utils openstack-db has insecure password creation
CVE-2013-1665 2 Openstack, Redhat 3 Folsom, Keystone Essex, Openstack 2024-11-21 N/A
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
CVE-2013-1664 2 Openstack, Redhat 7 Cinder Folsom, Compute \(nova\) Essex, Compute \(nova\) Folsom and 4 more 2024-11-21 N/A
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
CVE-2013-1654 4 Canonical, Puppet, Puppetlabs and 1 more 5 Ubuntu Linux, Puppet, Puppet Enterprise and 2 more 2024-11-21 N/A
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.