3 matches found
CVE-2013-4278
CVE-2013-4278 refers to a vulnerability in OpenStack Compute (Nova) where the flavor access control check (os-flavor-access:is_public) is not properly enforced. This allows remote authenticated users to boot arbitrary flavors by guessing flavor IDs, stemming from an incomplete fix for CVE-2013-22...
CVE-2012-3371
The CVE refers to OpenStack Nova (Compute) scheduler vulnerability in Folsom (2012.2) and Essex (2012.1). When scheduler filters DifferentHostFilter or SameHostFilter are enabled, remote authenticated users can trigger a denial of service by sending requests with many repeated IDs in the os:sched...
CVE-2014-0134
OpenStack Nova shows a vulnerability in 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...