
CVSS: 6.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

• http://rhn.redhat.com/errata/RHSA-2013-0709.html
• http://secunia.com/advisories/52337
• http://secunia.com/advisories/52728
• http://www.openwall.com/lists/oss-security/2013/02/26/7
• http://www.osvdb.org/90657
• http://www.ubuntu.com/usn/USN-1771-1
• https://bugs.launchpad.net/nova/+bug/1125378
• https://review.openstack.org/#/c/22086
• https://review.openstack.org/#/c/22758
• https://review.openstack.org/#/c/22872
• https://access.redhat.com/security/cve

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
• http://osvdb.org/91532
• http://rhn.redhat.com/errata/RHSA-2013-0708.html
• http://secunia.com/advisories/52657
• http://www.openwall.com/lists/oss-security/2013/03/20/13
• http://www.securityfocus.com/bid/58616
• http://www.ubuntu.com/usn/USN-1772-1
• https://bugs.launchpad.net/keystone/+bug/1129713
• https://review.openstack.org/#

• CWE-285: Improper Authorization
• CWE-287: Improper Authentication

CVSS: 3.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

• http://osvdb.org/91304
• http://rhn.redhat.com/errata/RHSA-2013-0707.html
• http://secunia.com/advisories/52565
• http://www.openwall.com/lists/oss-security/2013/03/14/15
• http://www.securityfocus.com/bid/58490
• http://www.ubuntu.com/usn/USN-1764-1
• https://bugs.launchpad.net/glance/+bug/1135541
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82878
• https://review.openstack.org/#/c/24437
• https://review.openstack.org/#/c/24438
• https://review.openstack.org&#x

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allow local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

• http://rhn.redhat.com/errata/RHSA-2013-0595.html
• https://bugzilla.redhat.com/show_bug.cgi?id=908101
• https://access.redhat.com/security/cve/CVE-2013-0261

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

• http://rhn.redhat.com/errata/RHSA-2013-0595.html
• https://bugzilla.redhat.com/show_bug.cgi?id=908581
• https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc
• https://access.redhat.com/security/cve/CVE-2013-0266

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')