CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-4573 – OpenStack: Glance Authentication bypass for image deletion
https://notcve.org/view.php?id=CVE-2012-4573
11 Nov 2012 — The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar imágenes de su elección no protegidas a través de una solicitud de eliminación de imágenes, una vulnerabilidad diferente a CVE-2012-5482. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-5482
https://notcve.org/view.php?id=CVE-2012-5482
11 Nov 2012 — The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar imágenes no protegidas de su elección a través de una petición de borrado de imagen. NOTA: Esta vulnerabilidad existe por una solució... • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2012-3447
https://notcve.org/view.php?id=CVE-2012-3447
20 Aug 2012 — virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. virt/disk/api.py en OpenStack Compute (Nova) v2012.1.x antes de v2012.1.2 y Folsom antes de Folsom-3 permite a usuarios remotos autenticados sobreescribir archivos de su elección... • http://www.openwall.com/lists/oss-security/2012/08/07/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 1CVE-2012-3360
https://notcve.org/view.php?id=CVE-2012-3360
22 Jul 2012 — Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. Vulnerabilidad de salto de directorio en virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2) y Essex (2.012,1), cuando se utiliza durante libvirt basados ??en hipervisores, permite a usuarios remotos auten... • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 2CVE-2012-3361
https://notcve.org/view.php?id=CVE-2012-3361
22 Jul 2012 — virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico un archivo en una imagen. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2012-3371
https://notcve.org/view.php?id=CVE-2012-3371
17 Jul 2012 — The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter están activados, permite a usuarios remotos autenticados provo... • http://www.openwall.com/lists/oss-security/2012/07/11/13 • CWE-20: Improper Input Validation •