CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1851 – openstack-cinder: Host file disclosure through qcow2 backing file
https://notcve.org/view.php?id=CVE-2015-1851
19 Jun 2015 — OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. OpenStack Cinder anterior a 2014.1.5 (icehouse), 2014.2.x anterior a 2014.2.4 (juno), y 2015.1.x anterior a 2015.1.1 (kilo) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una firma qcow2 manipulada en una imagen en el comando 'subir a ... • http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0162 – openstack-glance: remote code execution in Glance Sheepdog backend
https://notcve.org/view.php?id=CVE-2014-0162
27 Apr 2014 — The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location. El backend Sheepdog en OpenStack Image Registry and Delivery Service (Glance) 2013.2 anterior a 2013.2.4 y icehouse anterior a icehouse-rc2 permite a usuarios remotos autenticados con permiso insertar o modificar un imagen para ejecutar comando... • http://rhn.redhat.com/errata/RHSA-2014-0455.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2014-0167 – openstack-nova: RBAC policy not properly enforced in Nova EC2 API
https://notcve.org/view.php?id=CVE-2014-0167
15 Apr 2014 — The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. En la implementación del grupo de seguridad Nova EC2 API en OpenStack Compute (Nova) 2013.1 anterior a 2013.2.4 y icehouse anteior iceho... • http://www.openwall.com/lists/oss-security/2014/04/09/26 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2013-7130 – nova: Live migration can leak root disk into ephemeral storage
https://notcve.org/view.php?id=CVE-2013-7130
06 Feb 2014 — The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. El método i_create_images_and_backing (también conocido como create_images_and_backing) en el driver libvirt en OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, cuando hace uso... • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •