4 matches found
CVE-2013-4179
OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...
CVE-2013-4278
CVE-2013-4278 refers to a vulnerability in OpenStack Compute (Nova) where the flavor access control check (os-flavor-access:is_public) is not properly enforced. This allows remote authenticated users to boot arbitrary flavors by guessing flavor IDs, stemming from an incomplete fix for CVE-2013-22...
CVE-2013-4185
CVE-2013-4185 describes an algorithmic complexity vulnerability in OpenStack Compute (Nova) where the code path for updating network source security group policies is mishandled. This allows an authenticated remote user to trigger a denial of service by issuing many server-creation operations, ca...
CVE-2013-2030
CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...