3786 matches found
Ubuntu 12.04 LTS / 12.10 / 13.04 : nova vulnerabilities (USN-2000-1)
It was discovered that Nova did not properly enforce the ispublic property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. CVE-2013-2256, CVE-2013-4278 Grant Murphy...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
DEBIAN-CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
DEBIAN-CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
CVE-2013-2256
OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...
CVE-2013-2256
OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...
Design/Logic Flaw
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
Design/Logic Flaw
OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...
CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
Fedora Update for openstack-nova FEDORA-2013-15373
Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-15373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.3-2.fc19
OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
CVE-2013-4039
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors...
Information disclosure
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors...
CVE-2013-4039
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors...
CVE-2013-4039
CVE-2013-4039 affects IBM WebSphere Extended Deployment Compute Grid 8.0, prior to 8.0.0.3. A remote authenticated attacker could obtain sensitive information and bypass job access restrictions via unspecified vectors. IBM/Security bulletins indicate remediation by applying Fix Pack 3 (8.0.0.3) o...