Page 2 of 8 results (0.009 seconds)

CVSS: 3.5EPSS: 1%CPEs: 3EXPL: 0

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remotos autenticados con determinados permisos a través de una solicitud de red que provoca una gran número de reglas de iptables. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html http://secunia.com/advisories/49034 http://secunia.com/advisories/49048 http://ubuntu.com/usn/usn-1438-1 http://www.osvdb.org/81641 https://bugs.launchpad.net/nova/+bug/969545 https://exchange.xforce.ibmcloud.com/vulnerabilities/75243 https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7 https://github.com/opens • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado. • http://secunia.com/advisories/47543 http://www.securityfocus.com/bid/51370 http://www.ubuntu.com/usn/USN-1326-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/72296 https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 https://lists.launchpad.net/openstack/msg06648.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. Múltiples vulnerabilidades de salto de directorio en OpenStack Nova anterior a v2011.3.1, cuando el EC2 API y el método S3/RegisterImage image-registration están habilitados, cuando está habilitado register_globals, permite que usuarios remotos autenticados sobrescriban archivos arbitrarios a través de una (1) tarball o (2) manifest manipulado. • https://bugs.launchpad.net/nova/+bug/885167 https://bugs.launchpad.net/nova/+bug/894755 https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6 https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e https://lists.launchpad.net/openstack/msg06105.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •