CVE-2013-4261 – OpenStack: openstack-nova-compute console-log DoS
https://notcve.org/view.php?id=CVE-2013-4261
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. En OpenStack Compute (Nova) Folsom, Grizzly, y anteriores, cuando se utiliza Apache Qpid para el backend RPC, no maneja adecuadamente los errores que se producen durante la mensajería, que permite a atacantes remotos provocar una denegación de servicio (conexión consumo piscina), como lo demuestra el uso de múltiples solicitudes que envían cadenas largas a una consola de instancia y recuperar el registro de la consola. • http://rhn.redhat.com/errata/RHSA-2013-1199.html http://seclists.org/oss-sec/2013/q3/595 https://bugs.launchpad.net/nova/+bug/1215091 https://bugzilla.redhat.com/show_bug.cgi?id=999164 https://bugzilla.redhat.com/show_bug.cgi?id=999271 https://access.redhat.com/security/cve/CVE-2013-4261 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4180 – Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
https://notcve.org/view.php?id=CVE-2013-4180
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Las acciones (1) power y (2) ipmi_boot en el HostController de Foreman anterior 1.2.2 permite a atacante remoto causar denegacion de servicio (consumo de memoria) a través de una entrda sin especificar que es convertida a un simbolo • http://projects.theforeman.org/issues/2860 http://rhn.redhat.com/errata/RHSA-2013-1196.html http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2 https://access.redhat.com/security/cve/CVE-2013-4180 https://bugzilla.redhat.com/show_bug.cgi?id=989755 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2013-4182 – foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation
https://notcve.org/view.php?id=CVE-2013-4182
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. app/controllers/api/v1/hosts_controller.rb en Foreman anteriores a v1.2.2 no restringe correctamente el acceso a hosts arbitrarios a través de una petición API. • http://projects.theforeman.org/issues/2863 http://rhn.redhat.com/errata/RHSA-2013-1196.html http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=990374 https://access.redhat.com/security/cve/CVE-2013-4182 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2013-2882 – v8: remote DoS or unspecified other impact via type confusion
https://notcve.org/view.php?id=CVE-2013-2882
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Google V8, usado en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores que aprovechan "la confusión de tipos". • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html http://rhn.redhat.com/errata/RHSA-2013-1201.html http://www.debian.org/security/2013/dsa-2732 https://code.google.com/p/chromium/issues/detail?id=260106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329 https://access.redhat.com/security/cve/CVE-2013-2882 https://bugzilla.redhat.com/show_bug.cgi?id=991116 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2013-2167 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass python-keystoneclient versiones 0.2.3 hasta la versión 0.2.5, tiene una omisión de firma de memcache de middleware. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60680 https://access.redhat.com/security/cve/cve-2013-2167 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167 https://exchange.xforce.ibmcloud.com/vulnerabilities/85492 https://security-tracker.de • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •