3785 matches found
CVE-2013-0335
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...
CVE-2013-1838
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function...
CVE-2013-1838
CVE-2013-1838 affects OpenStack Nova (Compute) in Grizzly, Folsom (2012.2), and Essex (2012.1). The issue is that quotas for fixed IPs were not properly enforced, enabling remote authenticated users to exhaust resources and potentially block new instance spawns via many addFixedIp calls (DoS). Su...
CVE-2013-1838
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function...
Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated openstack-nova packages that fix two security issues, several bugs, and add an enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
CVE-2013-1838
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function...
Keystone: EC2-style authentication accepts disabled user/tenants
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...
CVE-2013-0335
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...
[USN-1734-1] OpenStack Nova vulnerability
Ubuntu Security Notice USN-1734-1, February 21, 2013: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
Security feature bypass
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
[USN-1709-1] OpenStack Nova vulnerability
Ubuntu Security Notice USN-1709-1, January 29, 2013: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Important: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
USN-1709-1: OpenStack Nova vulnerability
Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes...
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter...
[SECURITY] Fedora 18 Update: openstack-nova-2012.2.2-1.fc18
OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...
Design/Logic Flaw
tools/sampledata.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this...