7716 matches found

Fedora
added 2013/12/14 3:44 a.m., 31 views

[SECURITY] Fedora 20 Update: openstack-nova-2013.2-4.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

CVSS 2.1, AI score 6.4, EPSS 0.00155
Exploits: 1

Tenable Nessus
added 2013/12/14 12:0 a.m., 35 views

Fedora 20 : openstack-nova-2013.2-4.fc20 (2013-22667)

Ensure we don't boot oversized images CVE-2013-4463 and CVE-2013-2096 - Require ipmitool for baremetal driver 1022243 - Remove cert and scheduler hard dependency on cinderclient 1031679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

CVSS 2.1, AI score 5.3, EPSS 0.00155
Exploits: 1, References: 6

seebug.org
added 2013/12/13 12:0 a.m., 40 views

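OpenStack Compute (Nova) Insecure Directory Permissions Vulnerability

BUGTRAQ ID: 64266 CVE(CAN) ID: CVE-2013-7048 OpenStack Compute Nova is a cloud computing fabric controller written in Python and is part of an IaaS system. OpenStack Compute Nova Havana and Grizzly contain a security vulnerability in their implementation caused by insecure directory permissions; an attacker can exploit this vulnerability to perform unauthorized operations within the affected directory. 0 openstack Nova Vendor patch: openstack --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...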

CVSS 3.3, AI score 6.4, EPSS 0.00132
Exploits: 2

Fedora
added 2013/12/12 2:57 a.m., 29 views

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.4-3.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

CVSS 3.5, AI score 2.4, EPSS 0.00596
Exploits: 4

Tenable Nessus
added 2013/12/12 12:0 a.m., 32 views

Fedora 19 : openstack-nova-2013.1.4-3.fc19 (2013-22693)

Fix CVE-2013-4469 and CVE-2013-4463 Fix CVE-2013-4469 and CVE-2013-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 2.1, AI score 5.3, EPSS 0.00155
Exploits: 1, References: 6

UbuntuCve
added 2013/12/11 3:0 p.m., 21 views

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVSS 5, AI score 5.9, EPSS 0.00563
Exploits: 1, References: 2

UbuntuCve
added 2013/12/11 3:0 p.m., 23 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

CVSS 5.8, AI score 5.9, EPSS 0.00498
Exploits: 2, References: 3

OSV
added 2013/12/11 3:0 p.m., 2 views

UBUNTU-CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

CVSS 4, AI score 5.8, EPSS 0.0017
Exploits: 2, References: 3

OSV
added 2013/12/11 3:0 p.m., 2 views

UBUNTU-CVE-2013-6426

The cloudformation-compatible API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) upda...

CVSS 4, AI score 5.8, EPSS 0.0033
Exploits: 2, References: 4

UbuntuCve
added 2013/12/11 3:0 p.m., 15 views

CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

CVSS 4, AI score 5.9, EPSS 0.0017
Exploits: 2, References: 2

UbuntuCve
added 2013/12/11 3:0 p.m., 30 views

CVE-2013-6426

The cloudformation-compatible API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) upda...

CVSS 4, AI score 5.9, EPSS 0.0033
Exploits: 2, References: 3

securityvulns
added 2013/11/26 12:0 a.m., 93 views

[USN-2034-1] OpenStack Keystone vulnerability

Ubuntu Security Notice USN-2034-1, November 25, 2013: keystone vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 3.3, AI score 0.3, EPSS 0.00151
Exploits: 1

securityvulns
added 2013/11/26 12:0 a.m., 50 views

CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater

A vulnerability in the Rackspace Windows Agent and Updater was discovered that allows for modified Agent binaries to be remotely uploaded without authentication to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then ...

CVSS 9.3, AI score 2.5, EPSS 0.0492
Exploits: 1

Ubuntu
added 2013/11/25 8:57 p.m., 59 views

USN-2034-1: OpenStack Keystone vulnerability

Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backen...

CVSS 3.3, AI score 5.4, EPSS 0.00151
Exploits: 1

OSV
added 2013/11/23 6:55 p.m., 3 views

CVE-2013-6384

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

AI score 5.7
Exploits: 0, References: 7

OSV
added 2013/11/23 6:55 p.m., 2 views

DEBIAN-CVE-2013-6384

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

CVSS 1.9, AI score 6.2, EPSS 0.00057
Exploits: 1, References: 1

NVD
added 2013/11/23 6:55 p.m., 8 views

CVE-2013-6384

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

CVSS 1.9, AI score 5.8, EPSS 0.00057
Exploits: 1, References: 3

UbuntuCve
added 2013/11/23 6:55 p.m., 26 views

CVE-2013-6384

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

CVSS 1.9, AI score 5.9, EPSS 0.00057
Exploits: 1, References: 3

Prion
added 2013/11/23 6:55 p.m., 12 views

Design/Logic Flaw

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

CVSS 1.9, AI score 6.3, EPSS 0.00057
Exploits: 1, References: 3, Affected Software: 1

Debian CVE
added 2013/11/23 6:0 p.m., 15 views

CVE-2013-6384

(1) impldb2.py and (2) implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...

CVSS 1.9, AI score 5.7, EPSS 0.00057
Exploits: 1