OpenStack Essex
16 CVEs affecting OpenStack Essex. Latest disclosed: 2013-03-22. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2013-0261 | High | 8.8 | 2013-03-08 | A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerabil… |
| CVE-2013-0266 | Medium | 5.5 | 2013-03-08 | A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable… |
| CVE-2012-5571 | Medium | 5.4 | 2012-12-18 | A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because… |
| CVE-2013-1840 | | | 2013-03-22 | The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which… |
| CVE-2013-1838 | | | 2013-03-22 | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated user… |
| CVE-2013-0335 | | | 2013-03-22 | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances b… |
| CVE-2013-0208 | | | 2013-02-13 | The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users'… |
| CVE-2012-5482 | | | 2012-11-11 | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an i… |
| CVE-2012-4573 | | | 2012-11-11 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an i… |
| CVE-2012-3542 | | | 2012-09-05 | OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrar… |
| CVE-2012-3426 | | | 2012-07-31 | OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows… |
| CVE-2012-3361 | | | 2012-07-22 | virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary file… |
| CVE-2012-3360 | | | 2012-07-22 | Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors… |
| CVE-2012-3371 | | | 2012-07-17 | The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authent… |
| CVE-2012-2654 | | | 2012-06-21 | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security g… |
| CVE-2012-0030 | | | 2012-01-13 | Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI re… |