CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2255
https://notcve.org/view.php?id=CVE-2013-2255
01 Nov 2019 — HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. HTTPSConnections en OpenStack Keystone versión 2013, OpenStack Compute versión 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor. • https://access.redhat.com/security/cve/cve-2013-2255 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-0167 – openstack-nova: RBAC policy not properly enforced in Nova EC2 API
https://notcve.org/view.php?id=CVE-2014-0167
15 Apr 2014 — The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. En la implementación del grupo de seguridad Nova EC2 API en OpenStack Compute (Nova) 2013.1 anterior a 2013.2.4 y icehouse anteior iceho... • http://www.openwall.com/lists/oss-security/2014/04/09/26 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2013-7130 – nova: Live migration can leak root disk into ephemeral storage
https://notcve.org/view.php?id=CVE-2013-7130
06 Feb 2014 — The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. El método i_create_images_and_backing (también conocido como create_images_and_backing) en el driver libvirt en OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, cuando hace uso... • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
27 Dec 2013 — keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. keystone/middleware/auth_token.py en OpenStack Nova Folsom, Grizzly, y Havana, utiliza un directorio temporal inseguro para almacenar certificados de firma, lo cual permite a usuarios locales impersonar... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4185 – OpenStack: Nova network source security groups denial of service
https://notcve.org/view.php?id=CVE-2013-4185
04 Sep 2013 — Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. Vulnerabilidad de la complejidad algorítmica en OpenStack Compute (Nova) anteriores 03/01/2013 y Havana anterior a habana-3 no controla c... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-310: Cryptographic Issues •