7742 matches found
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
DEBIAN-CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
Design/Logic Flaw
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
CVE-2014-3608
CVE-2014-3608 affects the OpenStack Nova VMware driver. The vulnerability arises when a VM is put into RESCUE, causing quota bypass and DoS via image deletion; it stems from an incomplete fix for CVE-2014-2573. Affected: OpenStack Nova VMware driver (2013.2 to 2013.2.2 and before 2014.1.3). Impac...
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
UBUNTU-CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
PT-2014-5416 · Openstack +1 · Openstack Compute +1
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2014.1.3 Description: The issue allows remote authenticated users to bypass the quota limit and cause a denial of service by consuming resources. This is achieved by putting a virtual machine into the...
DEBIAN-CVE-2014-6414
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...
CVE-2014-7144
OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
CVE-2014-6414
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...
CVE-2014-6414
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...
CVE-2014-7144
OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
CVE-2014-3621
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...
DEBIAN-CVE-2014-3621
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...
CVE-2014-3621
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...
Design/Logic Flaw
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...
Code injection
OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
Code injection
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...