Openstack
by Red Hat
Source repositories
CVEs (107)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4261 | 0.00 | — | 0.02 | Oct 29, 2013 | OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using… | |||
| CVE-2013-4185 | 0.00 | — | 0.02 | Oct 29, 2013 | Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via… | |||
| CVE-2013-4222 | 0.00 | — | 0.02 | Sep 30, 2013 | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||
| CVE-2013-4182 | 0.00 | — | 0.02 | Sep 16, 2013 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||
| CVE-2013-4180 | 0.00 | — | 0.02 | Sep 16, 2013 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||
| CVE-2013-2882 | 0.00 | — | 0.02 | Jul 31, 2013 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2012-6120 | 0.00 | — | 0.00 | Apr 10, 2013 | Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. |
- CVE-2013-4261Oct 29, 2013risk 0.00cvss —epss 0.02
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using…
- CVE-2013-4185Oct 29, 2013risk 0.00cvss —epss 0.02
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via…
- CVE-2013-4222Sep 30, 2013risk 0.00cvss —epss 0.02
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
- CVE-2013-4182Sep 16, 2013risk 0.00cvss —epss 0.02
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
- CVE-2013-4180Sep 16, 2013risk 0.00cvss —epss 0.02
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
- CVE-2013-2882Jul 31, 2013risk 0.00cvss —epss 0.02
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2012-6120Apr 10, 2013risk 0.00cvss —epss 0.00
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
Page 6 of 6