CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4076
https://notcve.org/view.php?id=CVE-2011-4076
26 Nov 2019 — OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. OpenStack Nova versiones anteriores a 2012.1, permite a alguien con acceso a una EC2_ACCESS_KEY (equivalente a un nombre de usuario... • https://access.redhat.com/security/cve/cve-2011-4076 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3147 – qcow format could expose host filesystem information
https://notcve.org/view.php?id=CVE-2011-3147
22 Apr 2019 — Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. Las versiones de nova anteriores a 2012.1 podrían exponer los archivos de host de hipervisor a un sistema operativo invitado al procesar un sistema de archivos qcow construido de forma maliciosa. • http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
08 Mar 2016 — The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite ... • http://www.openwall.com/lists/oss-security/2016/03/08/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8749 – Ubuntu Security Notice USN-3449-1
https://notcve.org/view.php?id=CVE-2015-8749
15 Jan 2016 — The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) ... • http://www.openwall.com/lists/oss-security/2016/01/07/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
11 Jan 2016 — OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permit... • http://rhn.redhat.com/errata/RHSA-2016-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2012-1585
https://notcve.org/view.php?id=CVE-2012-1585
17 Aug 2012 — OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. OpenStack Compute (Nova) Essex antes de v2011.3 permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de disco al actualizar el fichero de log de Nova-API) a través de un nombre de servidor demasiado largo. • http://lwn.net/Alerts/491298 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
07 Jun 2012 — Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remot... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0030
https://notcve.org/view.php?id=CVE-2012-0030
13 Jan 2012 — Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado. • http://secunia.com/advisories/47543 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4596
https://notcve.org/view.php?id=CVE-2011-4596
23 Dec 2011 — Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. Múltiples vulnerabilidades de salto de directorio en OpenStack Nova anterior a v2011.3.1, cuando el EC2 API y el método S3/RegisterImage image-registration están habilitados, cuando está habilitado register_globals, permite que usuarios remotos a... • https://bugs.launchpad.net/nova/+bug/885167 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •