Lucene search
K

9 matches found

CVE
CVE
added 2014/10/31 2:0 p.m.99 views

CVE-2014-3708

CVE-2014-3708 affects OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1. The vulnerability arises from how an IP filter is processed in the list active servers API request, allowing remote authenticated users to cause a denial of service (CPU consumption). Public advisories (R...

4CVSS6.2AI score0.02783EPSS
CVE
CVE
added 2014/10/06 2:0 p.m.92 views

CVE-2014-3608

CVE-2014-3608 affects the OpenStack Nova VMware driver. The vulnerability arises when a VM is put into RESCUE, causing quota bypass and DoS via image deletion; it stems from an incomplete fix for CVE-2014-2573. Affected: OpenStack Nova VMware driver (2013.2 to 2013.2.2 and before 2014.1.3). Impac...

2.7CVSS6.2AI score0.0171EPSS
CVE
CVE
added 2014/08/07 10:0 a.m.85 views

CVE-2014-3517

OpenStack Nova metadata proxy (api/metadata/handler.py) is affected when proxying metadata requests through Neutron. The vulnerability allows timing-based brute-forcing to guess instance ID signatures. Affected ranges include OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and J...

4.3CVSS6.4AI score0.01938EPSS
CVE
CVE
added 2014/01/23 9:0 p.m.78 views

CVE-2013-7048

CVE-2013-7048 affects OpenStack Nova (Grizzly 2013.1.4, Havana 2013.2.1 and earlier). The libvirt/live-snapshot path permissions were world-writable/world-readable in the temporary directory used for live snapshots, allowing a local attacker with shell access to read and modify snapshots before u...

3.3CVSS6AI score0.00475EPSS
CVE
CVE
added 2014/03/06 3:0 p.m.76 views

CVE-2013-6437

The CVE-2013-6437 issue affects the libvirt driver in OpenStack Nova (Compute) prior to 2013.2.2 and IceHouse prior to icehouse-2. An authenticated user can trigger disk growth and denial of service by repeatedly creating and deleting instances while using unique os_type settings, causing the cre...

4CVSS6.1AI score0.0202EPSS
CVE
CVE
added 2014/10/31 2:0 p.m.72 views

CVE-2014-8333

CVE-2014-8333 affects the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4. An authenticated user can trigger a denial-of-service (disk consumption) by deleting an instance that is in the resize state, causing backend resource exhaustion. Remediation reported in associated advisories: ...

4CVSS6.2AI score0.02006EPSS
CVE
CVE
added 2014/10/08 7:0 p.m.70 views

CVE-2014-7231

OpenStack Oslo utility library issue CVE-2014-7231 affects Cinder, Nova, and Trove before versions 2013.2.4 and 2014.1 before 2014.1.3. The strutils.mask_password() function did not properly mask passwords in command logs, enabling a local user with read access to logs to retrieve passwords. Reme...

2.1CVSS6.1AI score0.00528EPSS
CVE
CVE
added 2014/10/08 7:0 p.m.68 views

CVE-2014-7230

CVE-2014-7230 affects OpenStack components (oslo-incubator, Cinder, Nova, Trove). The vulnerability arises in processutils.execute where certain commands that trigger a ProcessExecutionError may write passwords to logs, allowing local attackers to read them. Mitigations involve upgrading to upstr...

2.1CVSS6.1AI score0.00469EPSS
CVE
CVE
added 2014/10/15 2:0 p.m.63 views

CVE-2014-8750

CVE-2014-8750 is a race condition in the OpenStack Nova VMware driver related to VNC port allocation. An authenticated user could cause two instances to receive the same VNC port, potentially exposing unauthorized consoles across tenants. Affected setups are those using the VMware driver with the...

6.5CVSS6.3AI score0.02027EPSS