CVE-2013-4261

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

Fedora Update for openstack-nova FEDORA-2013-13244

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-13244 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

OpenStack Nova安全绕过漏洞

BUGTRAQ ID: 61637 CVECAN ID: CVE-2013-2256 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分。 Nova 存在安全措施绕过漏洞，攻击者可利用此漏洞绕过某些安全限制，然后执行未授权操作。 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

CVE-2013-4179

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

CVE-2013-2256

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.2-4.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

OpenStack多个产品SSL证书校验漏洞(CVE-2013-2255)

CVE ID:CVE-2013-2255 OpenStack Computer提供给一个组织云的工具,其中的功能包括运行虚拟机实例, 管理网络以及通过用户和项目来控制对云的访问OpenStack keystone是openstack中用于身份验证的项目，任何服务请求需要经过它的验证获得服务的endpoint OpenStack Computer/keystone在连接服务器时没有校验所提供的SSL证书的合法性，允许远程攻击者利用漏洞伪造合法服务器，进行中间人等攻击 0 OpenStack Compute Nova 2013.x OpenStack Keystone 2013.x 厂商解决...

CVE-2013-2096

OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

CVE-2013-2096

OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...

USN-1831-1: OpenStack Nova vulnerability

Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...

CVE-2013-2096

OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

[USN-1771-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-1771-1 March 20, 2013 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

DEBIAN-CVE-2013-1838

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service resource exhaustion and failure to spawn new instances via a large number of calls to the addFixedIp function...

CVE-2013-1838

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service resource exhaustion and failure to spawn new instances via a large number of calls to the addFixedIp function...

Design/Logic Flaw

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

PYSEC-2013-44

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service resource exhaustion and failure to spawn new instances via a large number of calls to the addFixedIp function...

Design/Logic Flaw

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service resource exhaustion and failure to spawn new instances via a large number of calls to the addFixedIp function...