Page 2 of 18 results (0.012 seconds)

CVSS: 5.0EPSS: 9%CPEs: 6EXPL: 1

CVE-2013-1664 – bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

https://notcve.org/view.php?id=CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. OpenStack Keystone Essex, Folsom, y Grizzly; Compute (Nova) Essex y Folsom, Folsom y Cinder permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y caída) mediante un ataque de Entidad de expansión XML(XEE). • http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html http://bugs.python.org/issue17239 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0657.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.openwall.com/lists/oss-security/2013/02/19/2 http://www.openwall.com/lists/oss-security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-1665 – bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

https://notcve.org/view.php?id=CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. OpenStack Keystone Essex y Folsom permite a atacantes remotos leer ficheros arbitrarios a través de la declaración de una entidad externa XML junto con una referencia entidad, también conocido como un ataque XML External Entity (XXE). • http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html http://bugs.python.org/issue17239 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0657.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 http://www.openwall.com/lists/oss-security/2013/02/19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2013-0208 – openstack-nova: Boot from volume allows access to random volumes

https://notcve.org/view.php?id=CVE-2013-0208

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. La función de arranque de volumen en OpenStack Compute (Nova) Folsom y Essex, al utilizar NOVA-volúmenes, permite a usuarios remotos autenticados para arrancar desde volúmenes de otros usuarios a través de un identificador de volumen en el parámetro block_device_mapping. • http://osvdb.org/89661 http://rhn.redhat.com/errata/RHSA-2013-0208.html http://secunia.com/advisories/51963 http://secunia.com/advisories/51992 http://www.openwall.com/lists/oss-security/2013/01/29/9 http://www.securityfocus.com/bid/57613 http://www.ubuntu.com/usn/USN-1709-1 https://bugs.launchpad.net/nova/+bug/1069904 https://bugzilla.redhat.com/show_bug.cgi?id=902629 https://exchange.xforce.ibmcloud.com/vulnerabilities/81697 https://github.com/openstack/n • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-5571 – OpenStack: Keystone EC2-style credentials invalidation issue

https://notcve.org/view.php?id=CVE-2012-5571

OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. OpenStack Keystone Essex (2012.1) and Folsom (2012.2) no controlan correctamente los token EC2 cuando la función de usuario se ha eliminado de un inquilino, lo que permite a usuarios autenticados remotamente eludir las restricciones previstas al aprovechar un token para la función de usuario eliminado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html http://rhn.redhat.com/errata/RHSA-2012-1556.html http://rhn.redhat.com/errata/RHSA-2012-1557.html http://secunia.com/advisories/51423 http://secunia.com/advisories/51436 http://www.openwall.com/lists/oss-security/2012/11/28/5 http://www.openwall.com/lists/oss-security/2012/11/28/6 http://www.securityfocus.com/bid/56726 http://www.ubuntu.com/usn/USN-1641-1 https://bugs.launchpad • CWE-255: Credentials Management Errors •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2012-5482

https://notcve.org/view.php?id=CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar imágenes no protegidas de su elección a través de una petición de borrado de imagen. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2012-4573. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html http://osvdb.org/87248 http://secunia.com/advisories/51174 http://www.openwall.com/lists/oss-security/2012/11/07/6 http://www.openwall.com/lists/oss-security/2012/11/08/2 http://www.openwall.com/lists/oss-security/2012/11/09/1 http://www.openwall.com/lists/oss-security/2012/11/09/5 http://www.securityfocus&# • CWE-264: Permissions, Privileges, and Access Controls •