Vulmon
openstack folsom 2012.2 vulnerabilities and exploits
7.5
CVSSv2
CVE-2012-4456
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote malicious users to read the roles for an arbitrary user or get, create, or delete arbitrary services.
Openstack Keystone 2012.2
Openstack Keystone
4
CVSSv2
CVE-2012-4457
OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Openstack Keystone
Openstack Keystone 2012.2
5.5
CVSSv2
CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of...
Openstack Folsom 2012.2
Openstack Essex 2012.1
5.5
CVSSv2
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Diablo 2011.3
3.5
CVSSv2
CVE-2012-3371
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repea...
Openstack Compute 2012.2
Openstack Essex 2012.1
Openstack Folsom 2012.2
4.3
CVSSv2
CVE-2012-2654
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote malicious users to...
Openstack Diablo 2011.3
Openstack Compute 2012.2
Openstack Essex 2012.1