Vulnerabilities > Openstack > Folsom > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-27 | CVE-2013-2030 | Permissions, Privileges, and Access Controls vulnerability in Openstack products keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | 2.1 |
| 2013-10-29 | CVE-2013-4261 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | 3.5 |
| 2013-07-09 | CVE-2013-2096 | Resource Management Errors vulnerability in Openstack Folsom, Grizzly and Havana OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. | 2.1 |
| 2013-03-22 | CVE-2013-1840 | Information Exposure vulnerability in Openstack Glance V1 The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | 3.5 |
| 2013-03-08 | CVE-2013-0266 | Race Condition vulnerability in Openstack Essex and Folsom manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. | 2.1 |
| 2012-12-18 | CVE-2012-5571 | Credentials Management vulnerability in Openstack Essex and Folsom OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | 3.5 |
| 2012-07-17 | CVE-2012-3371 | Improper Input Validation vulnerability in Openstack Compute, Essex and Folsom The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. | 3.5 |