CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2012-3360
https://notcve.org/view.php?id=CVE-2012-3360
22 Jul 2012 — Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. Vulnerabilidad de salto de directorio en virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2) y Essex (2.012,1), cuando se utiliza durante libvirt basados ??en hipervisores, permite a usuarios remotos auten... • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2012-3371
https://notcve.org/view.php?id=CVE-2012-3371
17 Jul 2012 — The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter están activados, permite a usuarios remotos autenticados provo... • http://www.openwall.com/lists/oss-security/2012/07/11/13 • CWE-20: Improper Input Validation •