Product:

Folsom

(Openstack)
Repositories https://github.com/openstack/nova
https://github.com/openstack/keystone
https://github.com/openstack/glance
https://github.com/puppetlabs/puppetlabs-cinder
#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2012-11-11 CVE-2012-5482 The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. Essex, Folsom, Image_registry_and_delivery_service_\(Glance\) N/A
2012-11-11 CVE-2012-4573 The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. Essex, Folsom, Image_registry_and_delivery_service_\(Glance\) N/A
2012-07-17 CVE-2012-3371 The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. Compute, Essex, Folsom N/A
2012-07-22 CVE-2012-3361 virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. Diablo, Essex, Folsom N/A
2012-07-22 CVE-2012-3360 Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. Essex, Folsom N/A