CVE-2013-7130 – nova: Live migration can leak root disk into ephemeral storage
https://notcve.org/view.php?id=CVE-2013-7130
06 Feb 2014 — The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4463 – Nova: Compressed disk image DoS
https://notcve.org/view.php?id=CVE-2013-4463
31 Jan 2014 — OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. • http://rhn.redhat.com/errata/RHSA-2014-0112.html • CWE-399: Resource Management Errors
CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
27 Dec 2013 — keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4497 – openstack-nova: XenAPI security groups not kept through migrate or resize
https://notcve.org/view.php?id=CVE-2013-4497
05 Nov 2013 — The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. • http://www.openwall.com/lists/oss-security/2013/11/03/2 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4477 – openstack-keystone: unintentional role granting with Keystone LDAP backend
https://notcve.org/view.php?id=CVE-2013-4477
02 Nov 2013 — The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. The openstack-keystone packages provide keystone, a Python imple... • http://rhn.redhat.com/errata/RHSA-2014-0113.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4469 – Ubuntu Security Notice USN-2247-1
https://notcve.org/view.php?id=CVE-2013-4469
02 Nov 2013 — OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. • http://www.openwall.com/lists/oss-security/2013/10/31/3 • CWE-399: Resource Management Errors
CVE-2013-4261 – OpenStack: openstack-nova-compute console-log DoS
https://notcve.org/view.php?id=CVE-2013-4261
04 Sep 2013 — OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4155 – OpenStack: Swift Denial of Service using superfluous object tombstones
https://notcve.org/view.php?id=CVE-2013-4155
12 Aug 2013 — OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. • http://rhn.redhat.com/errata/RHSA-2013-1197.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2096
https://notcve.org/view.php?id=CVE-2013-2096
09 Jul 2013 — OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. • http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html • CWE-399: Resource Management Errors
CVE-2013-2161 – Swift: Unchecked user input in Swift XML responses
https://notcve.org/view.php?id=CVE-2013-2161
21 Jun 2013 — XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote a... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html • CWE-94: Improper Control of Generation of Code ('Code Injection')