Openstack

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-2256 1Openstack 1Nova Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor prope...Show more OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.Show less
CVE-2013-4111 2Openstack Opensuse 2Opensuse Python Glanceclient Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common N...Show more The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2013-4155 1Openstack 4Folsom GrizzlyHavana+1 more Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp t...Show more OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.Show less
CVE-2013-2161 2Openstack Opensuse 4Folsom GrizzlyHavana+1 more Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
CVE-2013-2157 1Openstack 1Keystone Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
CVE-2013-2096 1Openstack 3Folsom GrizzlyHavana Apr 29, 2026 Jul 9, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with...Show more OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.Show less
CVE-2013-2059 1Openstack 1Keystone Apr 29, 2026 May 21, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote au...Show more OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.Show less
CVE-2013-2006 1Openstack 1Keystone Apr 29, 2026 May 21, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
CVE-2013-1977 1Openstack 1Devstack Apr 29, 2026 May 21, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-0282 1Openstack 1Keystone Apr 29, 2026 Apr 12, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dep...Show more OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.Show less
CVE-2013-0270 1Openstack 1Keystone Apr 29, 2026 Apr 12, 2013 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denia...Show more A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.Show less
CVE-2013-1665 1Openstack 2Folsom Keystone Essex Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity...Show more The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.Show less
CVE-2013-1664 1Openstack 6Cinder Folsom Compute (nova) EssexCompute (nova) Folsom+3 more Apr 29, 2026 Apr 3, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote at...Show more The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.Show less
CVE-2013-1865 2Canonical Openstack 2Folsom Ubuntu Linux Apr 29, 2026 Mar 22, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI to...Show more OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.Show less
CVE-2013-1840 1Openstack 1Glance Apr 29, 2026 Mar 22, 2013 N/A· v4 N/A· v3 3.5 LOW· v2 The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's ba...Show more The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.Show less
CVE-2013-1838 2Canonical Openstack 4Essex FolsomGrizzly+1 more Apr 29, 2026 Mar 22, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failu...Show more OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.Show less
CVE-2013-0335 2Canonical Openstack 4Essex FolsomGrizzly+1 more Apr 29, 2026 Mar 22, 2013 N/A· v4 N/A· v3 6.0 MEDIUM· v2 OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the...Show more OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.Show less
CVE-2013-0266 1Openstack 2Essex Folsom Apr 30, 2026 Mar 8, 2013 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configu...Show more A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.Show less
CVE-2013-0261 1Openstack 2Essex Folsom Apr 30, 2026 Mar 8, 2013 N/A· v4 8.8 HIGH· v3 4.4 MEDIUM· v2 A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the...Show more A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.Show less
CVE-2013-0212 2Canonical Openstack 2Image Registry And Delivery Service (glance) Ubuntu Linux Apr 29, 2026 Feb 24, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is miscon...Show more store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.Show less

Previous 1...10 111213 14 Next