CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7230 – Trove: potential leak of passwords into log files
https://notcve.org/view.php?id=CVE-2014-7230
08 Oct 2014 — The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. La función processutils.execute en OpenStack oslo-incubator, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 permite a usuarios locales obtener contraseñas de comandos que causan un error de ejecución de proceso (ProcessExecutionError) mediante la lec... • http://rhn.redhat.com/errata/RHSA-2014-1939.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2014-7231 – Trove: potential leak of passwords into log files
https://notcve.org/view.php?id=CVE-2014-7231
08 Oct 2014 — The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. La función strutils.mask_password en la libraría de utilidades de OpenStack Oslo, Cinder, Nova, y Trove anterior a 2013.2.4 y 2014.1 anterior a 2014.1.3 no enmasca debidamente contraseñas cuando registra comandos, lo que permite a usuarios locales o... • http://rhn.redhat.com/errata/RHSA-2014-1939.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2014-3615 – Qemu: information leakage when guest sets high resolution
https://notcve.org/view.php?id=CVE-2014-3615
06 Oct 2014 — The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. El emulador VGA en QEMU permite a usuarios locales invitados leer la memoria del anfitrión mediante la configuración de la pantalla a una resolución alta. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display t... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2014-3621 – openstack-keystone: configuration data information leak through Keystone catalog
https://notcve.org/view.php?id=CVE-2014-3621
02 Oct 2014 — The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. El reemplazo de la URL catalog en OpenStack Identity (Keystone) anterior a versión 2013.2.3 y versiones 2014.1 anteriores a 2014.1.2.1, permite a los usuarios autenticados remotos leer opciones de configuración confidenciales por medio de ... • http://rhn.redhat.com/errata/RHSA-2014-1688.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •