← Back

Diablo

diablo

Vendor: Openstack • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-3361
1Openstack
3Diablo
EssexFolsom
Apr 29, 2026
Jul 22, 2012
N/A· v4
N/A· v3
5.5 MEDIUM· v2
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
CVE-2012-2654
1Openstack
3Compute
DiabloEssex
Apr 29, 2026
Jun 21, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified e...Show more
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.Show less