CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2096
https://notcve.org/view.php?id=CVE-2013-2096
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. Folsom, Grizzly y Havana de OpenStack Compute (Nova), no comprueba el tamaño virtual de una imagen QCOW2, lo que permite a los usuarios locales causar una denegación de servicio (consumo de disco del sistema de archivos host) creando una imagen con un gran tamaño virtual que sí, no contiene una gran cantidad de datos. • http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html http://www.securityfocus.com/bid/59924 http://www.ubuntu.com/usn/USN-1831-1 https://review.openstack.org/#/c/28717 https://review.openstack.org/#/c/28901 https://review.openstack.org/#/c/29192 • CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 1%CPEs: 2EXPL: 1CVE-2013-2059
https://notcve.org/view.php?id=CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. OpenStack Identity (Keystone) Folsom 2012.2.4 y anteriores, Grizzly anterior a 2013.1.1, y Havana no revocan inmediatamente el token de autenticación cuando se elimina un usuario a través de la API Keystone v2, lo que permite a usuarios autenticados remotamente mantener el acceso a través del token. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html http://osvdb.org/93134 http://secunia.com/advisories/53326 http://secunia.com/advisories/53339 http://www.openwall.com/lists/oss-security/2013/05/09/3 http://www.openwall.com/lists/oss-security/2013/05/09/4 http://www.securityfocus.com/bid/59787 https:/ • CWE-287: Improper Authentication •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2006 – keystone: DEBUG level LDAP password disclosure in log files
https://notcve.org/view.php?id=CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. OpenStack Identity (Keystone) Grizzly 2013.1.1 cuando el modo DEBUG para el login está activado, registra (1) admin_token and (2) LDAP password en texto plano, lo que permite a usuarios locales obtener información sensible leyendo el archivo de log. • https://github.com/LogSec/CVE-2013-2006 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html http://rhn.redhat.com/errata/RHSA-2013-0806.html http://www.openwall.com/lists/oss-security/2013/04/24/1 http://www.openwall.com/lists/oss-security/2013/04/24/2 http://www.securityfocus.com/bid/59411 https://bugs.launchpad.net/keystone/+bug/1172195 https://bugs.launchpad.net • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-0270 – Keystone: Large HTTP request DoS
https://notcve.org/view.php?id=CVE-2013-0270
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. OpenStack Keystone Grizzly antes de v2013.1, Folsom, y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (excesivo consumo de memoria y CPU) a través de una petición HTTP demasiado larga, tal y como lo demuestra un tenant_name demasiado largo al solicitar un token. • http://rhn.redhat.com/errata/RHSA-2013-0708.html https://bugs.launchpad.net/keystone/+bug/1099025 https://bugzilla.redhat.com/show_bug.cgi?id=909012 https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8 https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc https://launchpad.net/keystone/grizzly/2013.1 https://access.redhat.com/security/cve/CVE-2013-0270 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2013-1838 – Nova: DoS by allocating all Fixed IPs
https://notcve.org/view.php?id=CVE-2013-1838
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. OpenStack Compute (Nova) Grizzly, Folsom (versión 2012.2) y Essex (versión 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran número de llamadas a la función addFixedIp. • http://osvdb.org/91303 http://rhn.redhat.com/errata/RHSA-2013-0709.html http://secunia.com/advisories/52580 http://secunia.com/advisories/52728 http://ubuntu.com/usn/usn-1771-1 http://www.openwall.com/lists/oss-security/2013/03/14/18 http://www.securityfocus.com/bid/58492 https://bugs.launchpad.net/nova/+bug/1125468 https://bugzilla.redhat.com/show_bug.cgi?id=919648 https://exchange.xforce.ibmcloud.com/vulnerabilities/82877 https://lists.launchpad.net/openstack& • CWE-399: Resource Management Errors •