7799 matches found
PYSEC-2013-35
The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-4183
The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
CVE-2013-2256
OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...
CVE-2013-4202
The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...
CVE-2013-4278
CVE-2013-4278 refers to a vulnerability in OpenStack Compute (Nova) where the flavor access control check (os-flavor-access:is_public) is not properly enforced. This allows remote authenticated users to boot arbitrary flavors by guessing flavor IDs, stemming from an incomplete fix for CVE-2013-22...
CVE-2013-4179
OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...
CVE-2013-4202
OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...
CVE-2013-4183
CVE-2013-4183 concerns OpenStack Cinder (LVMVolumeDriver) where the clear_volume routine used when deleting a snapshot does not properly clear data, potentially allowing local users to access sensitive information. The vulnerability affects OpenStack Cinder releases 2013.1.1 through 2013.1.2. Con...
CVE-2013-4202
The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...
CVE-2013-4183
The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-2256
OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...
CVE-2013-4278
The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
CVE-2013-2256
CVE-2013-2256 concerns OpenStack Compute (Nova) where, prior to 2013.1.3 (and Havana prior to havana-2), the system did not properly enforce the os-flavor-access:is_public property. This allowed remote authenticated users to obtain flavor information, boot arbitrary flavors by guessing IDs, and p...
PT-2013-4933 · Openstack · Openstack Compute
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions Folsom through Havana Description: The issue is related to the "create an instance" API, which does not properly enforce the os-flavor-access:is public property. This allows remote authenticated users to boot...
PT-2013-4887 · Openstack · Openstack Compute +1
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2013.1.3 and earlier, Havana versions before havana-3 Description: The issue allows remote attackers to cause a denial of service, resulting in resource consumption and crash, via an XML Entity Expansion XEE...
PT-2013-3626 · Openstack · Openstack Compute
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions before 2013.1.3 OpenStack Compute Nova Havana versions before havana-2 Description: The issue allows remote authenticated users to obtain sensitive information, such as flavor properties, boot arbitrary flavors...
PT-2013-4893 · Openstack · Openstack Cinder
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions 2013.1.3 and earlier Description: The issue affects the backup API api/contrib/backups.py and volume transfer API contrib/volume transfer.py in OpenStack Cinder, allowing remote attackers to cause a denial of service...