Page 3 of 14 results (0.006 seconds)

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

CVE-2013-1838 – Nova: DoS by allocating all Fixed IPs

https://notcve.org/view.php?id=CVE-2013-1838

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. OpenStack Compute (Nova) Grizzly, Folsom (versión 2012.2) y Essex (versión 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran número de llamadas a la función addFixedIp. • http://osvdb.org/91303 http://rhn.redhat.com/errata/RHSA-2013-0709.html http://secunia.com/advisories/52580 http://secunia.com/advisories/52728 http://ubuntu.com/usn/usn-1771-1 http://www.openwall.com/lists/oss-security/2013/03/14/18 http://www.securityfocus.com/bid/58492 https://bugs.launchpad.net/nova/+bug/1125468 https://bugzilla.redhat.com/show_bug.cgi?id=919648 https://exchange.xforce.ibmcloud.com/vulnerabilities/82877 https://lists.launchpad.net/openstack& • CWE-399: Resource Management Errors •

CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2013-0335 – nova: VNC proxy can connect to the wrong VM

https://notcve.org/view.php?id=CVE-2013-0335

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una máquina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una máquina virtual que se dirigía al mismo puerto VNC. • http://rhn.redhat.com/errata/RHSA-2013-0709.html http://secunia.com/advisories/52337 http://secunia.com/advisories/52728 http://www.openwall.com/lists/oss-security/2013/02/26/7 http://www.osvdb.org/90657 http://www.ubuntu.com/usn/USN-1771-1 https://bugs.launchpad.net/nova/+bug/1125378 https://review.openstack.org/#/c/22086 https://review.openstack.org/#/c/22758 https://review.openstack.org/#/c/22872 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 9%CPEs: 6EXPL: 1

CVE-2013-1664 – bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

https://notcve.org/view.php?id=CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. OpenStack Keystone Essex, Folsom, y Grizzly; Compute (Nova) Essex y Folsom, Folsom y Cinder permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y caída) mediante un ataque de Entidad de expansión XML(XEE). • http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html http://bugs.python.org/issue17239 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0657.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.openwall.com/lists/oss-security/2013/02/19/2 http://www.openwall.com/lists/oss-security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-5625 – Nova: Information leak in libvirt LVM-backed instances

https://notcve.org/view.php?id=CVE-2012-5625

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). OpenStack Compute (Nova) Folsom antes de 2012.2.2 y Grizzly, cuando utiliza instancias con respaldo libvirt y LVM, no limpia adecuadamente el contenido del volumen físico (PV) cuando se reasignan las instancias, lo que permite a los atacantes obtener información sensible mediante la lectura de la memoria de la anterior volumen lógico (LV). • http://osvdb.org/88419 http://rhn.redhat.com/errata/RHSA-2013-0208.html http://www.openwall.com/lists/oss-security/2012/12/11/5 http://www.securityfocus.com/bid/56904 http://www.ubuntu.com/usn/USN-1663-1 https://bugs.launchpad.net/nova/+bug/1070539 https://bugzilla.redhat.com/show_bug.cgi?id=884293 https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354 https://launchpad.net/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •