Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack essex - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0335
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Openstack Essex 2012.1
Openstack Grizzly 2012.2
Openstack Folsom 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
NA
CVE-2013-0261
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Openstack Essex -
Openstack Folsom -
NA
CVE-2013-0266
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Openstack Essex -
Openstack Folsom -
NA
CVE-2013-0212
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) prior to 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated user...
Openstack Image Registry And Delivery Service \\(glance\\) 2012.2.2
Openstack Image Registry And Delivery Service \\(glance\\) 2012.2.1
Openstack Image Registry And Delivery Service \\(glance\\) 2012.1
Openstack Image Registry And Delivery Service \\(glance\\) 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
1 Github repository
NA
CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and previous versions, Folsom 2012.2.3 and previous versions, and Grizzly grizzly-2 and previous versions allows remote malicious users to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generat...
Openstack Keystone
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
NA
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Openstack Essex -
Openstack Folsom -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
NA
CVE-2012-5571
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Openstack Folsom 2012.2
Openstack Essex 2012.1
NA
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Openstack Image Registry And Delivery Service \\(glance\\) -
Openstack Folsom 2012.2
Openstack Essex 2012.1
NA
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Openstack Folsom 2012.2
Openstack Essex 2012.1
Openstack Image Registry And Delivery Service \\(glance\\) -
NA
CVE-2012-4457
OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Openstack Keystone
Openstack Keystone 2012.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »