Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4527 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | N/A |
| Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | ||||
| CVE-2013-4497 | 2 Openstack, Redhat | 4 Folsom, Grizzly, Havana and 1 more | 2024-11-21 | N/A |
| The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | ||||
| CVE-2013-4491 | 3 Redhat, Rhel Sam, Rubyonrails | 5 Openstack, Rhel Software Collections, 1.4 and 2 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. | ||||
| CVE-2013-4477 | 2 Openstack, Redhat | 3 Grizzly, Havana, Openstack | 2024-11-21 | N/A |
| The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. | ||||
| CVE-2013-4463 | 2 Openstack, Redhat | 4 Folsom, Grizzly, Havana and 1 more | 2024-11-21 | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | ||||
| CVE-2013-4428 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Glance, Openstack | 2024-11-21 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. | ||||
| CVE-2013-4386 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | ||||
| CVE-2013-4315 | 2 Djangoproject, Redhat | 2 Django, Openstack | 2024-11-21 | N/A |
| Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. | ||||
| CVE-2013-4299 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
| Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. | ||||
| CVE-2013-4294 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
| The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token. | ||||
| CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 7 Enterprise Linux, Enterprise Mrg, Openshift and 4 more | 2024-11-21 | N/A |
| Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | ||||
| CVE-2013-4261 | 2 Openstack, Redhat | 3 Folsom, Grizzly, Openstack | 2024-11-21 | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2024-11-21 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2013-4214 | 2 Nagios, Redhat | 2 Nagios, Openstack | 2024-11-21 | N/A |
| rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | ||||
| CVE-2013-4202 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Cinder, Openstack | 2024-11-21 | N/A |
| The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. | ||||
| CVE-2013-4185 | 2 Openstack, Redhat | 2 Compute, Openstack | 2024-11-21 | N/A |
| Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | ||||
| CVE-2013-4183 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2024-11-21 | N/A |
| The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4182 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
| app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | ||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | ||||
| CVE-2013-4179 | 2 Openstack, Redhat | 3 Compute, Havana, Openstack | 2024-11-21 | N/A |
| The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. | ||||