PT-2013-3626 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions before 2013.1.3 OpenStack Compute Nova Havana versions before havana-2 Description: The issue allows remote authenticated users to obtain sensitive information, such as flavor properties, boot arbitrary flavors...

CVE-2013-4278

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

PT-2013-4893 · Openstack · Openstack Cinder

Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions 2013.1.3 and earlier Description: The issue affects the backup API api/contrib/backups.py and volume transfer API contrib/volume transfer.py in OpenStack Cinder, allowing remote attackers to cause a denial of service...

PT-2013-4933 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions Folsom through Havana Description: The issue is related to the "create an instance" API, which does not properly enforce the os-flavor-access:is public property. This allows remote authenticated users to boot...

PT-2013-4887 · Openstack · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2013.1.3 and earlier, Havana versions before havana-3 Description: The issue allows remote attackers to cause a denial of service, resulting in resource consumption and crash, via an XML Entity Expansion XEE...

OpenStack Nova拒绝服务漏洞(CVE-2013-4261)

BUGTRAQ ID: 62200 CVECAN ID: CVE-2013-4261 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分 OpenStack Nova在频繁运行console-log后，会导致nova计算机崩溃 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

Fedora Update for openstack-nova FEDORA-2013-15373

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for openstack-nova FEDORA-2013-15373

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-15373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.3-2.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 19 : openstack-nova-2013.1.3-2.fc19 (2013-15373)

Fixes 2 CVEs that were missed with the 2013.1.3 stable update Update to latest stable/grizzly 2013.1.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Low: Red Hat Security Advisory: ruby193-v8 security update

Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

OpenStack: python-glanceclient failing SSL certificate check

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

OpenStack: openstack-nova-compute console-log DoS

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

OpenStack: Nova network source security groups denial of service

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

Moderate: Red Hat Security Advisory: python-glanceclient security update

An updated python-glanceclient package that fixes one security issue is now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

OpenStack: Nova XML entities DoS

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

OpenStack: Nova private flavors resource limit circumvention

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

OpenStack: Cinder Denial of Service using XML entities

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...