CVE-2013-4183

The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2013-2256

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

CVE-2013-4179

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

CVE-2013-2256

CVE-2013-2256 concerns OpenStack Compute (Nova) where, prior to 2013.1.3 (and Havana prior to havana-2), the system did not properly enforce the os-flavor-access:is_public property. This allowed remote authenticated users to obtain flavor information, boot arbitrary flavors by guessing IDs, and p...

CVE-2013-4202

OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...

CVE-2013-4202

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

CVE-2013-4278

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

CVE-2013-4278

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

PT-2013-3626 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions before 2013.1.3 OpenStack Compute Nova Havana versions before havana-2 Description: The issue allows remote authenticated users to obtain sensitive information, such as flavor properties, boot arbitrary flavors...

CVE-2013-4278

The "create an instance" API in OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...

PT-2013-4893 · Openstack · Openstack Cinder

Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions 2013.1.3 and earlier Description: The issue affects the backup API api/contrib/backups.py and volume transfer API contrib/volume transfer.py in OpenStack Cinder, allowing remote attackers to cause a denial of service...

PT-2013-4933 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions Folsom through Havana Description: The issue is related to the "create an instance" API, which does not properly enforce the os-flavor-access:is public property. This allows remote authenticated users to boot...

PT-2013-4887 · Openstack · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2013.1.3 and earlier, Havana versions before havana-3 Description: The issue allows remote attackers to cause a denial of service, resulting in resource consumption and crash, via an XML Entity Expansion XEE...

OpenStack Nova拒绝服务漏洞(CVE-2013-4261)

BUGTRAQ ID: 62200 CVECAN ID: CVE-2013-4261 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分 OpenStack Nova在频繁运行console-log后，会导致nova计算机崩溃 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

Fedora Update for openstack-nova FEDORA-2013-15373

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for openstack-nova FEDORA-2013-15373

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-15373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.3-2.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 19 : openstack-nova-2013.1.3-2.fc19 (2013-15373)

Fixes 2 CVEs that were missed with the 2013.1.3 stable update Update to latest stable/grizzly 2013.1.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Low: Red Hat Security Advisory: ruby193-v8 security update

Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...