CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2014-3608 – openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images
https://notcve.org/view.php?id=CVE-2014-3608
06 Oct 2014 — The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573. El controlador VMWare en OpenStack Compute (Nova) anterior a 2014.1.3 permite a usuarios remotos autenticados evadir la límite de la cuota y... • http://rhn.redhat.com/errata/RHSA-2014-1781.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3517 – openstack-nova: timing attack issue allows access to other instances' configuration information
https://notcve.org/view.php?id=CVE-2014-3517
24 Jul 2014 — api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. api/metadata/handler.py en OpenStack Compute (Nova) anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, cuando redirige las solicitudes de metadatos a t... • http://www.openwall.com/lists/oss-security/2014/07/17/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6437 – openstack-nova: DoS through ephemeral disk backing files
https://notcve.org/view.php?id=CVE-2013-6437
04 Mar 2014 — The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. El controlador libvirt en OpenStack Compute (Nova) anterior a 2013.2.2 y icehouse anterior a icehouse-2 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante... • http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 1CVE-2013-7048 – Nova: insecure directory permissions in snapshots
https://notcve.org/view.php?id=CVE-2013-7048
23 Jan 2014 — OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. OpenStack Compute (Nova) Grizzly 2013.1.4,, La Habana 2013.2.1, y anteriores utilizan con permiso de escritura y lectura universal para el directorio temporal usado para almacenar las instantáneas en vivo (snapshots), lo que permite a usuarios locales leer y modificar in... • http://rhn.redhat.com/errata/RHSA-2014-0231.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2013-2256 – OpenStack: Nova private flavors resource limit circumvention
https://notcve.org/view.php?id=CVE-2013-2256
04 Sep 2013 — OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. OpenStack Compute (Nova) anterior a 2013.1.3 y Havana anterior havana-2 no fuerza apropiadamente la propiedad "os-flavor-access:is_public" lo que permite a usuarios remotos autenticados obt... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 1CVE-2013-1664 – bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1664
03 Apr 2013 — The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. OpenStack Keystone Essex, Folsom, y Grizzly; Compute (Nova) Essex y Folsom, Folsom y Cinder permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y c... • http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2012-3447
https://notcve.org/view.php?id=CVE-2012-3447
20 Aug 2012 — virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. virt/disk/api.py en OpenStack Compute (Nova) v2012.1.x antes de v2012.1.2 y Folsom antes de Folsom-3 permite a usuarios remotos autenticados sobreescribir archivos de su elección... • http://www.openwall.com/lists/oss-security/2012/08/07/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2012-1585
https://notcve.org/view.php?id=CVE-2012-1585
17 Aug 2012 — OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. OpenStack Compute (Nova) Essex antes de v2011.3 permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de disco al actualizar el fichero de log de Nova-API) a través de un nombre de servidor demasiado largo. • http://lwn.net/Alerts/491298 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
07 Jun 2012 — Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remot... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0030
https://notcve.org/view.php?id=CVE-2012-0030
13 Jan 2012 — Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado. • http://secunia.com/advisories/47543 • CWE-264: Permissions, Privileges, and Access Controls •