CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2013-4261 – OpenStack: openstack-nova-compute console-log DoS
https://notcve.org/view.php?id=CVE-2013-4261
04 Sep 2013 — OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. En OpenStack Compute (Nova) Folsom, Grizzly, y anteriores, cuando se utiliza Apache Qpid para el backend RPC, no maneja adecuadamente los errore... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6120 – Puppet: Directory /var/log/puppet is world readable
https://notcve.org/view.php?id=CVE-2012-6120
05 Apr 2013 — Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. Red Hat OpenStack Essex y Folsom crea el directorio /var/log/puppet con permisos de lectura para todos, lo que permite a usuarios locales obtener información sensible, como los archivos de registro de Puppet. Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found i... • http://rhn.redhat.com/errata/RHSA-2013-0710.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-1815 – packstack: answerfile creation permissions issue
https://notcve.org/view.php?id=CVE-2013-1815
21 Mar 2013 — PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. PackStack 03/02/2012 en Red Hat OpenStack Essex y Folsom se puede crear el archivo de respuesta en los directorios inseguros como /tmp o en el directorio de trabajo actual, que permite a usuarios locales modificar los sistemas desplegados cambiando de este archivo. PackStack is a c... • http://rhn.redhat.com/errata/RHSA-2013-0671.html • CWE-255: Credentials Management Errors •