Every CVE whose affected-product data names Openstack Essex, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2013-0261 — CVSS 8.8 (high): A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp`…
CVE-2013-0208 — CVSS 6.5 (medium): The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to…
CVE-2013-0335 — CVSS 6.0 (medium): OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in…
CVE-2013-0266 — CVSS 5.5 (medium): A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions…
CVE-2012-4573 — CVSS 5.5 (medium): The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary…
CVE-2012-5482 — CVSS 5.5 (medium): The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary…
CVE-2012-3360 — CVSS 5.5 (medium): Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over…
CVE-2012-5571 — CVSS 5.4 (medium): A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions…
CVE-2012-0030 — CVSS 4.9 (medium): Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other…
CVE-2012-3426 — CVSS 4.9 (medium): OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token…
CVE-2012-3542 — CVSS 4.3 (medium): OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary…
CVE-2012-2654 — CVSS 4.3 (medium): The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the…
CVE-2013-1838 — CVSS 4.0 (medium): OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows…
CVE-2012-3371 — CVSS 3.5 (low): The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled…