CVE-2013-4183 – OpenStack: Cinder LVM volume driver does not support secure deletion
https://notcve.org/view.php?id=CVE-2013-4183
The clear_volume function in the LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. • http://rhn.redhat.com/errata/RHSA-2013-1198.html http://www.ubuntu.com/usn/USN-2005-1 https://bugs.launchpad.net/cinder/+bug/1198185 https://access.redhat.com/security/cve/CVE-2013-4183 https://bugzilla.redhat.com/show_bug.cgi?id=994355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
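The failure mode behind this entry is data remanence: storage extents released by one volume are handed to the next volume created on the same volume group, and whatever the previous tenant wrote is still there unless the driver overwrote it first. The following is an added illustration, not Cinder's LVMVolumeDriver code: a toy extent pool backed by a file stands in for the volume group, and the extent size, pool layout and tenant secret are all constructed for the example.

```python
import os
import tempfile

EXTENT = 4096  # toy extent size (assumption; LVM extent size is configurable)


class ToyVolumePool:
    """Constructed model of the one LVM behaviour that matters here: a backing
    file is carved into fixed-size extents that are handed to 'volumes' and
    returned to the free list on delete. Not Cinder's or LVM's code."""

    def __init__(self, path, extents):
        self.path = path
        self.free = list(range(extents))
        self.volumes = {}
        with open(path, "wb") as f:
            f.write(b"\0" * EXTENT * extents)

    def create(self, name, n_extents):
        ext = [self.free.pop(0) for _ in range(n_extents)]
        self.volumes[name] = ext
        return ext

    def write(self, name, data):
        ext = self.volumes[name]
        assert len(data) <= EXTENT * len(ext)
        with open(self.path, "r+b") as f:
            for i, e in enumerate(ext):
                f.seek(e * EXTENT)
                f.write(data[i * EXTENT:(i + 1) * EXTENT])

    def read(self, name):
        out = bytearray()
        with open(self.path, "rb") as f:
            for e in self.volumes[name]:
                f.seek(e * EXTENT)
                out += f.read(EXTENT)
        return bytes(out)

    def delete(self, name, clear=True):
        ext = self.volumes.pop(name)
        if clear:
            clear_volume(self.path, ext)
        self.free.extend(ext)  # the next create() gets these extents back


def clear_volume(path, extents, chunk=EXTENT):
    """Overwrite every extent of the volume with zeros and fsync before the
    space can be reused. This is the step the advisory says was skipped
    when a snapshot was deleted."""
    with open(path, "r+b") as f:
        for e in extents:
            f.seek(e * chunk)
            f.write(b"\0" * chunk)
        f.flush()
        os.fsync(f.fileno())


def leaked_bytes(clear):
    """Tenant A writes a secret, deletes the volume, tenant B is allocated the
    same extents and reads them. Returns what B sees (zeros stripped), so
    the secret comes back only when clear=False."""
    with tempfile.TemporaryDirectory() as d:
        pool = ToyVolumePool(os.path.join(d, "pool.img"), extents=2)
        secret = b"tenant-A-database-password"  # constructed sample data
        pool.create("vol-a", 2)
        pool.write("vol-a", secret)
        pool.delete("vol-a", clear=clear)
        pool.create("vol-b", 2)
        return pool.read("vol-b").rstrip(b"\0")
```

The check a practitioner wants after a fix like this is the one `leaked_bytes` performs: allocate after delete and read, rather than trusting that the driver's delete path calls its clear routine for every object type (volumes, snapshots, backups). Note that overwriting is only a guarantee on storage that writes in place; thin-provisioned or flash-backed volume groups need the storage layer's own discard or erase support.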
CVE-2013-4202 – OpenStack: Cinder Denial of Service using XML entities
https://notcve.org/view.php?id=CVE-2013-4202
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. • http://rhn.redhat.com/errata/RHSA-2013-1198.html http://www.ubuntu.com/usn/USN-2005-1 https://bugs.launchpad.net/ossa/+bug/1190229 https://access.redhat.com/security/cve/CVE-2013-4202 https://bugzilla.redhat.com/show_bug.cgi?id=991630 • CWE-399: Resource Management Errors •
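An entity-expansion payload is small on the wire and enormous after the parser expands its nested internal entities, so the defence has to act before expansion: refuse any DTD entity declaration in a request body. The following is an added example, not Cinder's deserializer: it uses the expat parser from the Python standard library, and the element names and the two request bodies are constructed for the illustration.

```python
import xml.parsers.expat

# Constructed request bodies. BENIGN is what a transfer-style API call might
# carry; BOMB is a small "billion laughs" document whose expansion grows by a
# factor of ten per nesting level.
BENIGN = b"<transfer><name>backup-1</name></transfer>"
BOMB = (b'<?xml version="1.0"?>'
        b'<!DOCTYPE lolz ['
        b' <!ENTITY lol "lol">'
        b' <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
        b' <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">'
        b']><transfer><name>&lol2;</name></transfer>')


class EntityDeclarationRejected(ValueError):
    pass


def _reject_entity(name, is_parameter_entity, value, base,
                   system_id, public_id, notation_name):
    # Called by expat for every <!ENTITY ...> in the DTD, internal or external,
    # before anything is expanded. Raising here aborts the parse.
    raise EntityDeclarationRejected(f"entity declaration {name!r} not allowed")


def _reject_external(context, base, system_id, public_id):
    # Returning 0 makes expat fail the parse instead of fetching the entity.
    return 0


def parse_api_body(data):
    """Parse an untrusted XML request body, refusing entity declarations and
    external entity references. Returns (element names in order, text)."""
    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = _reject_entity
    parser.ExternalEntityRefHandler = _reject_external
    names, text = [], []
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return names, "".join(text)


def classify(data):
    """What an API front end would do with the outcome: 'ok', 'rejected' for
    a body that declares entities, 'malformed' for anything expat cannot parse."""
    try:
        parse_api_body(data)
        return "ok"
    except EntityDeclarationRejected:
        return "rejected"
    except xml.parsers.expat.ExpatError:
        return "malformed"
```

The lesson of the "incomplete fix" note is about coverage rather than mechanism: a guard like `parse_api_body` only helps if every endpoint that accepts XML, including extensions such as the backup and volume transfer APIs, is routed through it rather than through a bare parser.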
CVE-2013-4111 – OpenStack: python-glanceclient failing SSL certificate check
https://notcve.org/view.php?id=CVE-2013-4111
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1200.html http://secunia.com/advisories/54313 http://secunia.com/advisories/54525 http://www.ubuntu.com/usn/USN-2004-1 https://bugs.launchpad.net/ossa/+bug/1192229 https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst https://access.redhat.com/security/cve/CVE-2013-4111 https://bugzilla.redhat.com/show_bug.cgi?id=989738 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
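"An arbitrary valid certificate" is the tell for this class of bug: the chain checks out, so a client that accepts any chain-valid leaf will talk to whoever holds a certificate for any name. The verify callback has to do two things in order: honour the library's chain result (`preverify_ok`) at every depth, and then, at depth 0 only, match the expected hostname against the leaf. The following is an added example, not python-glanceclient's code; certificates are reduced to dicts holding the CN and the dNSName SANs, and the hostnames and certificate contents are constructed. It follows RFC 6125 in consulting the CN only when the certificate carries no dNSName SAN, which is stricter than the CN-or-SAN wording of the advisory.

```python
# Constructed certificates, reduced to the two fields this check reads.
LEAF_GLANCE = {"subject_cn": "glance.example.org",
               "san_dns": ["glance.example.org", "*.api.example.org"]}
LEAF_OTHER = {"subject_cn": "www.example.net",      # chain-valid, wrong name
              "san_dns": ["www.example.net"]}
INTERMEDIATE = {"subject_cn": "Example Issuing CA", "san_dns": []}


def _dns_match(pattern, host):
    """Match one presented identifier against the reference hostname.
    '*' is accepted only as the whole leftmost label of a pattern with at
    least three labels: '*.api.example.org' matches 'v2.api.example.org' but
    not 'a.b.api.example.org', 'api.example.org', and '*.org' never matches."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    for i, (p, h) in enumerate(zip(p_labels, h_labels)):
        if p == "*" and i == 0 and len(p_labels) >= 3:
            continue
        if p != h:
            return False
    return True


def hostname_matches(expected_host, san_dns_names, subject_cn):
    """dNSName SANs are authoritative; the CN is a fallback only when the
    certificate presents no dNSName at all."""
    host = expected_host.lower().rstrip(".")
    presented = [n.lower().rstrip(".") for n in san_dns_names]
    if not presented and subject_cn:
        presented = [subject_cn.lower().rstrip(".")]
    return any(_dns_match(p, host) for p in presented)


def verify_callback(expected_host, depth, preverify_ok, cert):
    """Shape of an OpenSSL-style verify callback. A failed chain result must
    never be overridden; the hostname is checked against the leaf only."""
    if not preverify_ok:
        return False
    if depth != 0:
        return True
    return hostname_matches(expected_host,
                            cert.get("san_dns", []),
                            cert.get("subject_cn"))
```

The second assertion below is the attack the advisory describes: a certificate that is perfectly valid for some other name must be refused for `glance.example.org`. When reviewing a callback, check that it cannot return true for depth 0 without having compared the hostname, and that no branch substitutes its own decision for a false `preverify_ok`.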
CVE-2013-4155 – OpenStack: Swift Denial of Service using superfluous object tombstones
https://notcve.org/view.php?id=CVE-2013-4155
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. • http://rhn.redhat.com/errata/RHSA-2013-1197.html http://www.debian.org/security/2012/dsa-2737 http://www.openwall.com/lists/oss-security/2013/08/07/6 http://www.ubuntu.com/usn/USN-2001-1 https://bugs.launchpad.net/swift/+bug/1196932 https://review.openstack.org/#/c/40643 https://review.openstack.org/#/c/40645 https://review.openstack.org/#/c/40646 https://access.redhat.com/security/cve/CVE-2013-4155 https://bugzilla.redhat.com/show_bug. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
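Swift resolves concurrent writes by timestamp: the newest file in an object's directory wins, and a DELETE is recorded as a tombstone file. A DELETE whose timestamp is older than the live object can never win that comparison, so a tombstone written for it is pure cost (a file to create, hash and replicate) and the live data stays put. The following is an added, deliberately simplified model, not Swift's object server: an object directory holds `<timestamp>.data` and `<timestamp>.ts` files, a write removes files older than its own timestamp, and the cleanup and replication machinery are left out. The timestamps and the request sequence are constructed; the request timestamp stands for the one the object server is handed with each request.

```python
import os
import tempfile


class ObjectDir:
    """Constructed model of one object's directory on an object server.
    Not Swift's code: only the timestamp rule is modelled."""

    def __init__(self, path):
        self.path = path
        os.makedirs(path, exist_ok=True)

    def files(self):
        return sorted(os.listdir(self.path))

    def tombstones(self):
        return [f for f in self.files() if f.endswith(".ts")]

    def newest_timestamp(self):
        return max((float(f.rsplit(".", 1)[0]) for f in self.files()),
                   default=0.0)

    def _unlink_older_than(self, ts):
        for f in self.files():
            if float(f.rsplit(".", 1)[0]) < ts:
                os.unlink(os.path.join(self.path, f))

    def put(self, ts, body):
        with open(os.path.join(self.path, f"{ts:.5f}.data"), "wb") as fh:
            fh.write(body)
        self._unlink_older_than(ts)

    def delete(self, ts, *, reject_older):
        """Handle a DELETE and return an HTTP status.
        reject_older=False reproduces the behaviour the advisory describes:
        a tombstone is written whatever the request timestamp is.
        reject_older=True is the hardened rule: a request that is not newer
        than what is stored gets 409 Conflict and writes nothing."""
        orig = self.newest_timestamp()
        if reject_older and ts <= orig:
            return 409
        open(os.path.join(self.path, f"{ts:.5f}.ts"), "wb").close()
        self._unlink_older_than(ts)
        return 204 if orig else 404


def tombstones_after_stale_deletes(reject_older, n=5):
    """PUT an object at t=1000, then send n DELETEs whose timestamps are all
    older than the object, in decreasing order so that in the vulnerable
    model none of them unlinks an earlier one. Returns (status codes,
    tombstone files left behind, whether the .data file survived)."""
    with tempfile.TemporaryDirectory() as d:
        obj = ObjectDir(os.path.join(d, "hashdir"))
        obj.put(1000.0, b"payload")  # constructed object body
        statuses = [obj.delete(1000.0 - i, reject_older=reject_older)
                    for i in range(1, n + 1)]
        data_kept = any(f.endswith(".data") for f in obj.files())
        return statuses, len(obj.tombstones()), data_kept
```

In the vulnerable mode every stale DELETE is acknowledged and leaves a tombstone next to data that is still being served; in the hardened mode the server answers 409 and the directory is untouched. The general rule worth keeping from this entry is that any client-influenced ordering value (timestamps, sequence numbers) must be compared against stored state before it is allowed to create durable artifacts.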
CVE-2013-2167 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2167
python-keystoneclient versions 0.2.3 through 0.2.5 have a middleware memcache signing bypass. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60680 https://access.redhat.com/security/cve/cve-2013-2167 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167 https://exchange.xforce.ibmcloud.com/vulnerabilities/85492 https://security-tracker.de • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •