CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-16239 – openstack-nova: Nova Filter Scheduler bypass through rebuild action
https://notcve.org/view.php?id=CVE-2017-16239
14 Nov 2017 — In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. En OpenStack ... • http://www.securityfocus.com/bid/101950 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-7214 – openstack-nova: Sensitive information included in legacy notification exception contexts
https://notcve.org/view.php?id=CVE-2017-7214
21 Mar 2017 — An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. Un problema ha sido descubierto en exception_wrapper.py en OpenStack Nova 13.x en versiones hasta 13.1.3, 14.x en versiones hasta 14.0.4 y 15.x en versiones hasta 15.0.1. Los contextos de legado excepción de notificación que... • http://www.securityfocus.com/bid/96998 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 5%CPEs: 8EXPL: 1CVE-2015-5162 – openstack-nova/glance/cinder: Malicious image may exhaust resources
https://notcve.org/view.php?id=CVE-2015-5162
07 Oct 2016 — The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. El analizador de imagen en OpenStack Cinder 7.0.2 y 8.0.0 hasta la versión 8.1.1; Glance en versiones anteriores a 11.0.1 y 12.0.0; y Nova en versiones anteriores a 12.0.4 y 13.0.0 no limita adecuadamente las llamadas a qemu... • http://rhn.redhat.com/errata/RHSA-2016-2923.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
08 Mar 2016 — The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite ... • http://www.openwall.com/lists/oss-security/2016/03/08/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8749 – Ubuntu Security Notice USN-3449-1
https://notcve.org/view.php?id=CVE-2015-8749
15 Jan 2016 — The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) ... • http://www.openwall.com/lists/oss-security/2016/01/07/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
11 Jan 2016 — OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permit... • http://rhn.redhat.com/errata/RHSA-2016-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •