Every CVE whose affected-product data names Openstack Folsom, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2013-0261 — CVSS 8.8 (high): A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp`…
CVE-2013-2161 — CVSS 7.5 (high): XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or…
CVE-2013-1865 — CVSS 6.8 (medium): OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which…
CVE-2013-0208 — CVSS 6.5 (medium): The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to…
CVE-2013-4497 — CVSS 6.4 (medium): The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when…
CVE-2013-0335 — CVSS 6.0 (medium): OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in…
CVE-2013-0266 — CVSS 5.5 (medium): A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions…
CVE-2012-3360 — CVSS 5.5 (medium): Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over…
CVE-2012-5482 — CVSS 5.5 (medium): The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary…
CVE-2012-4573 — CVSS 5.5 (medium): The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary…
CVE-2012-5571 — CVSS 5.4 (medium): A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions…
CVE-2013-1664 — CVSS 5.0 (medium): The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova)…
CVE-2013-1665 — CVSS 5.0 (medium): The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other…
CVE-2012-3447 — CVSS 4.9 (medium): virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to…
CVE-2012-5625 — CVSS 4.3 (medium): OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical…
CVE-2013-1838 — CVSS 4.0 (medium): OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows…
CVE-2012-5563 — CVSS 4.0 (medium): OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated…
CVE-2013-4155 — CVSS 4.0 (medium): OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous"…
CVE-2012-3371 — CVSS 3.5 (low): The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled…
CVE-2013-4261 — CVSS 3.5 (low): OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that…
CVE-2013-2030 — CVSS 2.1 (low): keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing…
CVE-2013-4463 — CVSS 2.1 (low): OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users…
CVE-2013-2096 — CVSS 2.1 (low): OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a…
CVE-2013-4469 — CVSS 1.9 (low): OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2…