18 results (0.009 seconds)

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. OpenStack Compute (Nova) Grizzly, Folsom (versión 2012.2) y Essex (versión 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran número de llamadas a la función addFixedIp. • http://osvdb.org/91303 http://rhn.redhat.com/errata/RHSA-2013-0709.html http://secunia.com/advisories/52580 http://secunia.com/advisories/52728 http://ubuntu.com/usn/usn-1771-1 http://www.openwall.com/lists/oss-security/2013/03/14/18 http://www.securityfocus.com/bid/58492 https://bugs.launchpad.net/nova/+bug/1125468 https://bugzilla.redhat.com/show_bug.cgi?id=919648 https://exchange.xforce.ibmcloud.com/vulnerabilities/82877 https://lists.launchpad.net/openstack& • CWE-399: Resource Management Errors •

CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una máquina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una máquina virtual que se dirigía al mismo puerto VNC. • http://rhn.redhat.com/errata/RHSA-2013-0709.html http://secunia.com/advisories/52337 http://secunia.com/advisories/52728 http://www.openwall.com/lists/oss-security/2013/02/26/7 http://www.osvdb.org/90657 http://www.ubuntu.com/usn/USN-1771-1 https://bugs.launchpad.net/nova/+bug/1125378 https://review.openstack.org/#/c/22086 https://review.openstack.org/#/c/22758 https://review.openstack.org/#/c/22872 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remotos autenticados a través de una solicitud de una imagen almacenada en caché. • http://osvdb.org/91304 http://rhn.redhat.com/errata/RHSA-2013-0707.html http://secunia.com/advisories/52565 http://www.openwall.com/lists/oss-security/2013/03/14/15 http://www.securityfocus.com/bid/58490 http://www.ubuntu.com/usn/USN-1764-1 https://bugs.launchpad.net/glance/+bug/1135541 https://exchange.xforce.ibmcloud.com/vulnerabilities/82878 https://review.openstack.org/#/c/24437 https://review.openstack.org/#/c/24438 https://review.openstack.org&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. (1) installer/basedefs.py y (2) modules/ospluginutils.py en PackStack permite a los usuarios locales sobreescribir ficheros de su elección mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp. • http://rhn.redhat.com/errata/RHSA-2013-0595.html https://bugzilla.redhat.com/show_bug.cgi?id=908101 https://access.redhat.com/security/cve/CVE-2013-0261 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. manifests/base.pp en el módulo puppetlabs-cinder, tal como se utiliza en PackStack le da permisos de lectura para todo el mundo a los archovs de configuración (1) cinder.conf y (2) api-paste.ini, lo que permite a usuarios locales leer contraseñas de administarción de OpenStack mediante la lectura de dichos archivos. • http://rhn.redhat.com/errata/RHSA-2013-0595.html https://bugzilla.redhat.com/show_bug.cgi?id=908581 https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc https://access.redhat.com/security/cve/CVE-2013-0266 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •