CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1CVE-2013-2256 – OpenStack: Nova private flavors resource limit circumvention
https://notcve.org/view.php?id=CVE-2013-2256
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. OpenStack Compute (Nova) anterior a 2013.1.3 y Havana anterior havana-2 no fuerza apropiadamente la propiedad "os-flavor-access:is_public" lo que permite a usuarios remotos autenticados obtener información sensible sobre (propiedades flavor) , opciones de arranque y posiblemente otros impactos adivinando el "flavor id" • http://rhn.redhat.com/errata/RHSA-2013-1199.html http://seclists.org/oss-sec/2013/q3/281 https://bugs.launchpad.net/nova/+bug/1194093 https://access.redhat.com/security/cve/CVE-2013-2256 https://bugzilla.redhat.com/show_bug.cgi?id=993340 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 3.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remotos autenticados con determinados permisos a través de una solicitud de red que provoca una gran número de reglas de iptables. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html http://secunia.com/advisories/49034 http://secunia.com/advisories/49048 http://ubuntu.com/usn/usn-1438-1 http://www.osvdb.org/81641 https://bugs.launchpad.net/nova/+bug/969545 https://exchange.xforce.ibmcloud.com/vulnerabilities/75243 https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7 https://github.com/opens • CWE-264: Permissions, Privileges, and Access Controls •