CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0CVE-2013-6396
https://notcve.org/view.php?id=CVE-2013-6396
18 Feb 2014 — The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La librería del cliente Python de OpenStack para Swift (python-swiftclient) 1.0 hasta 1.9.0 no verifica los certificados X.509 provenientes de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sens... • http://www.openwall.com/lists/oss-security/2014/02/17/7 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0006 – Swift: TempURL timing attack
https://notcve.org/view.php?id=CVE-2014-0006
23 Jan 2014 — The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. El middleware TempURL de OpenStack Object Storage (Swift) 1.4.6 hasta la versión 1.8.0, 1.9.0 hasta 1.10.0 y 1.11.0 permite a atacantes remotos obtener URLs secretas mediante el aprovechamiento de un nombre de objeto y un ataque de canal lateral basado en análisis de tiempo. OpenStack Obje... • http://rhn.redhat.com/errata/RHSA-2014-0232.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2013-4155 – OpenStack: Swift Denial of Service using superfluous object tombstones
https://notcve.org/view.php?id=CVE-2013-4155
12 Aug 2013 — OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. OpenStack Swift nateior a 1.9.1 en Folsom, Grizzly, y Havana, permite a usuarios autenticados provocar una denegación de servicio (consumo superfluo de tombstone y desaceleración del clúster Swift) a través de una petición DELETE con un timestamp que es más antigu... • http://rhn.redhat.com/errata/RHSA-2013-1197.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1840 – Glance: Backend credentials leak in Glance v1 API
https://notcve.org/view.php?id=CVE-2013-1840
22 Mar 2013 — The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remot... • http://osvdb.org/91304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 0CVE-2012-4406 – Openstack-Swift: insecure use of python pickle()
https://notcve.org/view.php?id=CVE-2012-4406
22 Oct 2012 — OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modifica... • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html • CWE-502: Deserialization of Untrusted Data •