CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4179 – OpenStack: Nova XML entities DoS
https://notcve.org/view.php?id=CVE-2013-4179
04 Sep 2013 — The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. La extensión de grupos de seguridad en OpenStack Compute (Nova) Grizzly 2013.1.3, Havana anteriores a havana-3, y anteriores, permite a atacantes remotos causar una denegación de servicio (consumo de recursos ... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 1CVE-2013-1664 – bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1664
03 Apr 2013 — The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. OpenStack Keystone Essex, Folsom, y Grizzly; Compute (Nova) Essex y Folsom, Folsom y Cinder permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y c... • http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2012-3371
https://notcve.org/view.php?id=CVE-2012-3371
17 Jul 2012 — The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter están activados, permite a usuarios remotos autenticados provo... • http://www.openwall.com/lists/oss-security/2012/07/11/13 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 2CVE-2012-2654
https://notcve.org/view.php?id=CVE-2012-2654
21 Jun 2012 — The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de r... • http://secunia.com/advisories/46808 • CWE-20: Improper Input Validation •