CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3517 – openstack-nova: timing attack issue allows access to other instances' configuration information
https://notcve.org/view.php?id=CVE-2014-3517
24 Jul 2014 — api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. api/metadata/handler.py en OpenStack Compute (Nova) anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, cuando redirige las solicitudes de metadatos a t... • http://www.openwall.com/lists/oss-security/2014/07/17/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6437 – openstack-nova: DoS through ephemeral disk backing files
https://notcve.org/view.php?id=CVE-2013-6437
04 Mar 2014 — The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. El controlador libvirt en OpenStack Compute (Nova) anterior a 2013.2.2 y icehouse anterior a icehouse-2 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante... • http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2101 – Ubuntu Security Notice USN-1438-1
https://notcve.org/view.php?id=CVE-2012-2101
03 May 2012 — Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remot... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html • CWE-264: Permissions, Privileges, and Access Controls •