CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 2CVE-2012-3361
https://notcve.org/view.php?id=CVE-2012-3361
22 Jul 2012 — virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico un archivo en una imagen. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 2CVE-2012-2654
https://notcve.org/view.php?id=CVE-2012-2654
21 Jun 2012 — The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de r... • http://secunia.com/advisories/46808 • CWE-20: Improper Input Validation •