CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1572
https://notcve.org/view.php?id=CVE-2012-1572
12 Nov 2019 — OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space OpenStack Keystone: las contraseñas extremadamente largas pueden bloquear a Keystone mediante el agotamiento del espacio de la pila. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2255
https://notcve.org/view.php?id=CVE-2013-2255
01 Nov 2019 — HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. HTTPSConnections en OpenStack Keystone versión 2013, OpenStack Compute versión 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor. • https://access.redhat.com/security/cve/cve-2013-2255 • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-2019-15753
https://notcve.org/view.php?id=CVE-2019-15753
28 Aug 2019 — In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. En OpenStack os-vif ve... • http://www.openwall.com/lists/oss-security/2019/08/29/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-14433 – openstack-nova: Nova server resource faults leak external exception details
https://notcve.org/view.php?id=CVE-2019-14433
09 Aug 2019 — An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. Se detectó un problema en OpenStack Nova en versiones anteriores a 17.0.12, versiones 18.x anteriores a 18.2.2, y versiones 19.x anteriores a 19.0.2. Si una petición de la API de un u... • http://www.openwall.com/lists/oss-security/2019/08/06/6 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2019-10141 – openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
https://notcve.org/view.php?id=CVE-2019-10141
02 Jul 2019 — A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how... • https://access.redhat.com/errata/RHSA-2019:2505 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-7404
https://notcve.org/view.php?id=CVE-2016-7404
21 Jun 2019 — OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. OpenStack Magnum pasa las credenciales de OpenStack a las plantillas Heat creando sus instancias. Si bien esto solo debe ser usado para recuperar los certificados SSL de las instancias, permiten el acceso total a la API, y ... • https://bugs.launchpad.net/magnum/+bug/1620536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3895 – openstack-tripleo-common: Allows running new amphorae based on arbitrary images
https://notcve.org/view.php?id=CVE-2019-3895
03 Jun 2019 — An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. Se descubrió un fallo de control de acceso en el servicio de Octavia cuando la plataforma en la nube se implementó con el Director de la plataf... • https://access.redhat.com/errata/RHSA-2019:1683 • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3147 – qcow format could expose host filesystem information
https://notcve.org/view.php?id=CVE-2011-3147
22 Apr 2019 — Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. Las versiones de nova anteriores a 2012.1 podrían exponer los archivos de host de hipervisor a un sistema operativo invitado al procesar un sistema de archivos qcow construido de forma maliciosa. • http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10876 – openstack-neutron: DOS via broken port range merging in security group
https://notcve.org/view.php?id=CVE-2019-10876
05 Apr 2019 — An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. Se ha descubierto un problema en OpenStack Neutron, en las versi... • http://www.openwall.com/lists/oss-security/2019/04/09/2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3830 – openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files
https://notcve.org/view.php?id=CVE-2019-3830
14 Mar 2019 — A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. Se ha detectado una vulnerabilidad en ceilometer, en versiones anteriores a la 12.0.0.0rc1. Una exposición de información en ceilometer-agent imprime los datos sensibles de configuración en archivos de registro sin que esté activado el registro de DEBUG. A vulnerability was found in ceilometer where administrat... • https://access.redhat.com/errata/RHSA-2019:0919 • CWE-532: Insertion of Sensitive Information into Log File •