Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack essex vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Diablo 2011.3
4.3
CVSSv2
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote malicious users to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier wa...
Openstack Essex 2012.1
Openstack Horizon Folsom-3
5
CVSSv2
CVE-2013-1793
openstack-utils openstack-db has insecure password creation
Redhat Openstack 4.0
Redhat Openstack 3.0
Redhat Openstack Essex -
Redhat Openstack 2.1
4.9
CVSSv2
CVE-2012-3426
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Openstack Essex
Openstack Keystone 2012.1
Openstack Horizon Folsom-1
Openstack Keystone 2012.1.1
4.4
CVSSv2
CVE-2013-1815
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
Redhat Packstack 2012.2.3
Redhat Openstack Folsom -
Redhat Openstack Essex -
5.5
CVSSv2
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Openstack Image Registry And Delivery Service (glance) -
Openstack Essex 2012.1
Openstack Folsom 2012.2
5.5
CVSSv2
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Openstack Image Registry And Delivery Service (glance) -
Openstack Essex 2012.1
Openstack Folsom 2012.2
6.5
CVSSv2
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Openstack Essex -
Openstack Folsom -
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
6
CVSSv2
CVE-2013-0335
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Grizzly 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
4
CVSSv2
CVE-2013-1838
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to th...
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Grizzly 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »