CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
08 Mar 2016 — The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite ... • http://www.openwall.com/lists/oss-security/2016/03/08/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8749 – Ubuntu Security Notice USN-3449-1
https://notcve.org/view.php?id=CVE-2015-8749
15 Jan 2016 — The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) ... • http://www.openwall.com/lists/oss-security/2016/01/07/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
11 Jan 2016 — OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permit... • http://rhn.redhat.com/errata/RHSA-2016-0018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7713 – openstack-nova: network security group changes are not applied to running instances
https://notcve.org/view.php?id=CVE-2015-7713
29 Oct 2015 — OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. OpenStack Compute (Nova) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) no aplica correctamente los cambios de grupos de seguridad, lo que permite a atacantes remotos eludir las restricciones previstas me... • http://rhn.redhat.com/errata/RHSA-2015-2684.html • CWE-254: 7PK - Security Features CWE-285: Improper Authorization •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3280 – openstack-nova: Deleting instances in resize state fails
https://notcve.org/view.php?id=CVE-2015-3280
16 Oct 2015 — OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. OpenStack Compute (nova) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) no elimina adecuadamente casos desde los nodos de cómputo, lo que permite a usuarios remotos autenticados provocar u... • http://rhn.redhat.com/errata/RHSA-2015-1898.html • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-3241 – openstack-nova: Nova instance migration process does not stop when instance is deleted
https://notcve.org/view.php?id=CVE-2015-3241
04 Sep 2015 — OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. Vulnerabilidad en OpenStack Compute (nova) 2015.1 hasta la versión 2015.1.1, 2014.2.3 y anteriores, no detiene el proceso de migración cuando se borra la instancia, lo que permite a usuarios remotos autenticados ca... • http://rhn.redhat.com/errata/RHSA-2015-1723.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0259 – openstack-nova: console Cross-Site WebSocket hijacking
https://notcve.org/view.php?id=CVE-2015-0259
01 Apr 2015 — OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. OpenStack Compute (Nova) anterior a 2014.1.4, 2014.2.x anterior a 2014.2.3, y kilo anterior a kilo-3 no valida el origen de las solicitudes websocket, lo que permite a atacantes remotos secuestrar la autenticación de usuarios para el acceso a consolas a t... • http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2014-3708 – openstack-nova: Nova network denial of service through API filtering
https://notcve.org/view.php?id=CVE-2014-3708
31 Oct 2014 — OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. OpenStack Compute (Nova) anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.1 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU) a través de un filtro IP en una solicitud API para listar servidores activos. A denial of service flaw was found in the way OpenStack Compu... • http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3517 – openstack-nova: timing attack issue allows access to other instances' configuration information
https://notcve.org/view.php?id=CVE-2014-3517
24 Jul 2014 — api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. api/metadata/handler.py en OpenStack Compute (Nova) anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, cuando redirige las solicitudes de metadatos a t... • http://www.openwall.com/lists/oss-security/2014/07/17/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
07 Jun 2012 — Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remot... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html • CWE-264: Permissions, Privileges, and Access Controls •