7 matches found
CVE-2014-3708
CVE-2014-3708 affects OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1. The vulnerability arises from how an IP filter is processed in the list active servers API request, allowing remote authenticated users to cause a denial of service (CPU consumption). Public advisories (R...
CVE-2012-1585
CVE-2012-1585 affects OpenStack Compute (Nova) Essex before 2011.3. The vulnerability allows remote authenticated users to cause a denial of service by submitting a long server name, which triggers excessive growth of the nova-api log file and disk consumption. The connected documents confirm the...
CVE-2014-3517
OpenStack Nova metadata proxy (api/metadata/handler.py) is affected when proxying metadata requests through Neutron. The vulnerability allows timing-based brute-forcing to guess instance ID signatures. Affected ranges include OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and J...
CVE-2012-3447
OpenStack Compute (Nova) vulnerability affecting the 2012.1.x branch prior to 2012.1.2 and Folsom prior to Folsom-3. A remote authenticated user can overwrite arbitrary files via a symlink attack on a file inside an image that uses a symlink readable only by root. The issue stems from an incomple...
CVE-2013-6437
The CVE-2013-6437 issue affects the libvirt driver in OpenStack Nova (Compute) prior to 2013.2.2 and IceHouse prior to icehouse-2. An authenticated user can trigger disk growth and denial of service by repeatedly creating and deleting instances while using unique os_type settings, causing the cre...
CVE-2014-8333
CVE-2014-8333 affects the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4. An authenticated user can trigger a denial-of-service (disk consumption) by deleting an instance that is in the resize state, causing backend resource exhaustion. Remediation reported in associated advisories: ...
CVE-2012-0030
CVE-2012-0030 affects Nova 2011.3 and Essex when using the OpenStack API, allowing remote authenticated users to bypass tenant access restrictions via a modified project_id in an OSAPI request. Root cause: insufficient validation of project_id in OSAPI calls. A fix is available in OpenStack Nova ...