CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
08 Mar 2016 — The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite ... • http://www.openwall.com/lists/oss-security/2016/03/08/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8749 – Ubuntu Security Notice USN-3449-1
https://notcve.org/view.php?id=CVE-2015-8749
15 Jan 2016 — The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) ... • http://www.openwall.com/lists/oss-security/2016/01/07/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
11 Jan 2016 — OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permit... • http://rhn.redhat.com/errata/RHSA-2016-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2012-3447
https://notcve.org/view.php?id=CVE-2012-3447
20 Aug 2012 — virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. virt/disk/api.py en OpenStack Compute (Nova) v2012.1.x antes de v2012.1.2 y Folsom antes de Folsom-3 permite a usuarios remotos autenticados sobreescribir archivos de su elección... • http://www.openwall.com/lists/oss-security/2012/08/07/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
07 Jun 2012 — Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remot... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html • CWE-264: Permissions, Privileges, and Access Controls •