Filtered by vendor Redhat Subscriptions
Filtered by product Openstack Subscriptions
Total 718 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-1652 4 Canonical, Puppet, Puppetlabs and 1 more 5 Ubuntu Linux, Puppet, Puppet Enterprise and 2 more 2024-11-21 N/A
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
CVE-2013-1640 3 Canonical, Puppet, Redhat 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more 2024-11-21 N/A
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.
CVE-2013-0914 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2024-11-21 N/A
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
CVE-2013-0335 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Essex, Folsom and 2 more 2024-11-21 N/A
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
CVE-2013-0306 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2024-11-21 N/A
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
CVE-2013-0305 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2024-11-21 N/A
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
CVE-2013-0282 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
CVE-2013-0270 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
CVE-2013-0266 2 Openstack, Redhat 3 Essex, Folsom, Openstack 2024-11-21 N/A
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
CVE-2013-0261 2 Openstack, Redhat 3 Essex, Folsom, Openstack 2024-11-21 N/A
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-0247 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Keystone, Openstack 2024-11-21 N/A
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.
CVE-2013-0212 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack 2024-11-21 N/A
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVE-2013-0208 3 Canonical, Openstack, Redhat 4 Ubuntu Linux, Essex, Folsom and 1 more 2024-11-21 N/A
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
CVE-2012-6685 2 Nokogiri, Redhat 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more 2024-11-21 7.5 High
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2012-6619 2 Mongodb, Redhat 5 Mongodb, Enterprise Mrg, Openstack and 2 more 2024-11-21 N/A
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVE-2012-6548 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openstack 2024-11-21 N/A
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2012-6544 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openstack 2024-11-21 N/A
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6120 1 Redhat 3 Openstack, Openstack Essex, Openstack Folsom 2024-11-21 N/A
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
CVE-2012-6075 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 N/A
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
CVE-2012-5625 2 Openstack, Redhat 3 Folsom, Grizzly, Openstack 2024-11-21 N/A
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).