CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

Fedora Update for openstack-nova FEDORA-2013-22693

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 20 : openstack-nova-2013.2-4.fc20 (2013-22667)

Ensure we don't boot oversized images CVE-2013-4463 and CVE-2013-2096 - Require ipmitool for baremetal driver 1022243 - Remove cert and scheduler hard dependency on cinderclient 1031679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

Fedora 19 : openstack-nova-2013.1.4-3.fc19 (2013-22693)

Fix CVE-2013-4469 and CVE-2013-4463 Fix CVE-2013-4469 and CVE-2013-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater

A vulnerability in the Rackspace Windows Agent and Updater was discovered that allows for modified Agent binaries to be remotely uploaded without authentication to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then ...

UBUNTU-CVE-2013-4469

OpenStack Compute Nova Folsom, Grizzly, and Havana, when usecowimages is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by transferring an image with a large virtual size that does not contai...

DEBIAN-CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

DEBIAN-CVE-2013-4261

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

CVE-2013-4261

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

PT-2013-3626 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions before 2013.1.3 OpenStack Compute Nova Havana versions before havana-2 Description: The issue allows remote authenticated users to obtain sensitive information, such as flavor properties, boot arbitrary flavors...

PT-2013-4933 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions Folsom through Havana Description: The issue is related to the "create an instance" API, which does not properly enforce the os-flavor-access:is public property. This allows remote authenticated users to boot...

OpenStack Nova拒绝服务漏洞(CVE-2013-4261)

BUGTRAQ ID: 62200 CVECAN ID: CVE-2013-4261 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分 OpenStack Nova在频繁运行console-log后，会导致nova计算机崩溃 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

Fedora Update for openstack-nova FEDORA-2013-15373

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for openstack-nova FEDORA-2013-15373

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-15373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

Fedora 19 : openstack-nova-2013.1.3-2.fc19 (2013-15373)

Fixes 2 CVEs that were missed with the 2013.1.3 stable update Update to latest stable/grizzly 2013.1.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

OpenStack: openstack-nova-compute console-log DoS

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

OpenStack: Nova network source security groups denial of service

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

OpenStack: Nova XML entities DoS

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...