Vulnerabilities > Openstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-05 | CVE-2013-4497 | Permissions, Privileges, and Access Controls vulnerability in Openstack Folsom, Grizzly and Havana. The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | 6.4 |
| 2013-11-02 | CVE-2013-4477 | Permissions, Privileges, and Access Controls vulnerability in Openstack Grizzly and Havana. The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. | 3.3 |
| 2013-10-29 | CVE-2013-4261 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products. OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | 3.5 |
| 2013-10-29 | CVE-2013-4185 | Cryptographic Issues vulnerability in multiple products. Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3: Nova does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | 4.0 |
| 2013-10-27 | CVE-2013-4428 | Permissions, Privileges, and Access Controls vulnerability in multiple products. OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. | 3.5 |
| 2013-10-01 | CVE-2013-2013 | Information Exposure vulnerability in Openstack Python-Keystoneclient 0.2.2/0.2.3. The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process. | 2.1 |
| 2013-09-16 | CVE-2013-4183 | Information Exposure vulnerability in Openstack Cinder 2013.1.1/2013.1.2. The clear_volume function in the LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |
| 2013-08-20 | CVE-2013-4155 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Openstack products. OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. | 4.0 |
| 2013-08-20 | CVE-2013-2161 | Code Injection vulnerability in multiple products. XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | 7.5 |
| 2013-08-20 | CVE-2013-2157 | Improper Authentication vulnerability in Openstack Keystone. OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | 4.3 |