GCVE - cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Folsom (`8ecdbe88-cdbc-5247-8b01-a6bebce8f3cf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/jedipunkz/openstack_folsom_deploy`	purl2cpe	2026-06-01 10:17:03.246239

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4497`	vulnerable	2026-06-03 14:33:17.320255	Details available The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. Published: 2013-11-05T20:00:00.000Z Updated: 2024-08-06T16:45:14.926Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/11/03/2 https://bugs.launchpad.net/nova/+bug/1202266 http://www.openwall.com/lists/oss-security/2013/11/03/3 https://bugs.launchpad.net/nova/+bug/1073306	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4469`	vulnerable	2026-06-03 14:33:16.887084	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. Published: 2013-11-02T18:00:00.000Z Updated: 2024-08-06T16:45:14.301Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/nova/+bug/1206081 http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4463`	vulnerable	2026-06-03 14:33:16.843264	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. Published: 2014-02-06T02:00:00.000Z Updated: 2024-08-06T16:45:14.837Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/nova/+bug/1206081 http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1 http://rhn.redhat.com/errata/RHSA-2014-0112.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4155`	vulnerable	2026-06-03 14:33:09.938684	Details available OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. Published: 2013-08-20T22:00:00.000Z Updated: 2024-08-06T16:30:50.054Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/swift/+bug/1196932 http://www.debian.org/security/2012/dsa-2737 https://review.openstack.org/#/c/40646/ http://www.openwall.com/lists/oss-security/2013/08/07/6 http://www.ubuntu.com/usn/USN-2001-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2161`	vulnerable	2026-06-03 14:32:54.050215	Details available XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Published: 2013-08-20T22:00:00.000Z Updated: 2024-08-06T15:27:40.947Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2737 http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html https://bugs.launchpad.net/swift/+bug/1183884 http://rhn.redhat.com/errata/RHSA-2013-0993.html http://www.openwall.com/lists/oss-security/2013/06/13/4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2096`	vulnerable	2026-06-03 14:32:53.650501	Details available OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. Published: 2013-07-09T17:00:00.000Z Updated: 2024-08-06T15:27:40.933Z Open on db.gcve.eu Reference links https://review.openstack.org/#/c/28717/ https://review.openstack.org/#/c/28901/ http://www.ubuntu.com/usn/USN-1831-1 http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html https://review.openstack.org/#/c/29192/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2030`	vulnerable	2026-06-03 14:32:53.275038	Details available keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. Published: 2013-12-27T01:00:00.000Z Updated: 2024-08-06T15:20:37.504Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/05/09/2 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html https://bugs.launchpad.net/nova/+bug/1174608 https://bugzilla.redhat.com/show_bug.cgi?id=958285	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1665`	vulnerable	2026-06-03 14:32:50.738677	Details available The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. Published: 2013-04-03T00:00:00.000Z Updated: 2024-08-06T15:13:31.595Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/02/19/4 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://www.openwall.com/lists/oss-security/2013/02/19/2 http://ubuntu.com/usn/usn-1757-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1664`	vulnerable	2026-06-03 14:32:50.736794	Details available The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. Published: 2013-04-03T00:00:00.000Z Updated: 2024-08-06T15:13:32.247Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/02/19/4 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://www.openwall.com/lists/oss-security/2013/02/19/2 http://ubuntu.com/usn/usn-1757-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-0266`	vulnerable	2026-06-03 14:32:42.472445	Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files. MEDIUM (5.5) A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources. Published: 2013-03-08T21:00:00.000Z Updated: 2026-04-30T16:33:21.662Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-0595.html https://access.redhat.com/security/cve/CVE-2013-0266 https://bugzilla.redhat.com/show_bug.cgi?id=908581 https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-0261`	vulnerable	2026-06-03 14:32:42.460330	Packstack: packstack: arbitrary file overwrite via symlink attack HIGH (8.8) A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption. Published: 2013-03-08T21:00:00.000Z Updated: 2026-04-30T16:33:18.902Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-0595.html https://access.redhat.com/security/cve/CVE-2013-0261 https://bugzilla.redhat.com/show_bug.cgi?id=908101	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-0208`	vulnerable	2026-06-03 14:32:41.795457	Details available The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. Published: 2013-02-13T16:00:00.000Z Updated: 2024-08-06T14:18:09.192Z Open on db.gcve.eu Reference links https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad http://rhn.redhat.com/errata/RHSA-2013-0208.html http://secunia.com/advisories/51992 http://secunia.com/advisories/51963 https://bugs.launchpad.net/nova/+bug/1069904	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.