Page 4 of 18 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico un archivo en una imagen. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html http://secunia.com/advisories/49763 http://secunia.com/advisories/49802 http://www.securityfocus.com/bid/54278 http://www.ubuntu.com/usn/USN-1497-1 https://bugs.launchpad.net/nova/+bug/1015531 https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 2

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de red no se ha especificado por completo en minúsculas, lo que permite a atacantes remotos eludir restricciones de acceso. • http://secunia.com/advisories/46808 http://secunia.com/advisories/49439 http://www.ubuntu.com/usn/USN-1466-1 https://bugs.launchpad.net/nova/+bug/985184 https://exchange.xforce.ibmcloud.com/vulnerabilities/76110 https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978 https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654 https://lists.launchpad.net/openstack/msg12883.html https://review.openstack.org/#/c/8239 • CWE-20: Improper Input Validation •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado. • http://secunia.com/advisories/47543 http://www.securityfocus.com/bid/51370 http://www.ubuntu.com/usn/USN-1326-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/72296 https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 https://lists.launchpad.net/openstack/msg06648.html • CWE-264: Permissions, Privileges, and Access Controls •