Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2000-1
HistoryOct 23, 2013 - 12:00 a.m.

Nova vulnerabilities

2013-10-2300:00:00
ubuntu.com
42

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON

Releases

  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04

Packages

  • nova - OpenStack Compute cloud infrastructure

Details

It was discovered that Nova did not properly enforce the is_public property
when determining flavor access. An authenticated attacker could exploit
this to obtain sensitive information in private flavors. This issue only
affected Ubuntu 12.10 and 13.10. (CVE-2013-2256, CVE-2013-4278)

Grant Murphy discovered that Nova would allow XML entity processing. A
remote unauthenticated attacker could exploit this using the Nova API to
cause a denial of service via resource exhaustion. This issue only
affected Ubuntu 13.10. (CVE-2013-4179)

Vishvananda Ishaya discovered that Nova inefficiently handled network
security group updates when Nova was configured to use nova-network. An
authenticated attacker could exploit this to cause a denial of service.
(CVE-2013-4185)

Jaroslav Henner discovered that Nova did not properly handle certain inputs
to the instance console when Nova was configured to use Apache Qpid. An
authenticated attacker could exploit this to cause a denial of service on
the compute node running the instance. By default, Ubuntu uses RabbitMQ
instead of Qpid. (CVE-2013-4261)

OSVersionArchitecturePackageVersionFilename
Ubuntu13.04noarchpython-nova< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-ajax-console-proxy< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-api< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-api-ec2< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-api-metadata< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-api-os-compute< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-api-os-volume< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-baremetal< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-cells< 1:2013.1.3-0ubuntu1.1UNKNOWN
Ubuntu13.04noarchnova-cert< 1:2013.1.3-0ubuntu1.1UNKNOWN
Rows per page:
1-10 of 841

Related

securityvulns 3
openvas 10
nessus 3
fedora 4
veracode 4
redhat 1
ubuntucve 5
debiancve 5
prion 5
github 4
cve 5
seebug 2
osv 2
ubuntu 1
securityvulns
securityvulns
[USN-2000-1] Nova vulnerabilities
2013-10-28 00:00:00
OpenStack multiple security vulnerabilities
2013-12-23 00:00:00
[USN-2005-1] Cinder vulnerabilities
2013-10-28 00:00:00
openvas
openvas
Ubuntu Update for nova USN-2000-1
2013-10-29 00:00:00
Ubuntu: Security Advisory (USN-2000-1)
2013-10-29 00:00:00
Fedora Update for openstack-nova FEDORA-2013-15373
2013-09-06 00:00:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 / 13.04 : nova vulnerabilities (USN-2000-1)
2013-10-24 00:00:00
Fedora 19 : openstack-nova-2013.1.3-2.fc19 (2013-15373)
2013-09-05 00:00:00
Ubuntu 13.04 : cinder vulnerabilities (USN-2005-1)
2013-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.3-2.fc19
2013-09-05 01:37:33
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.4-6.fc19
2014-02-05 03:35:20
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.4-3.fc19
2013-12-12 02:57:25
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:48:40
Denial Of Service (DoS)
2019-05-02 04:48:39
Denial Of Service (DoS)
2019-05-02 04:48:40
redhat
redhat
(RHSA-2013:1199) Moderate: openstack-nova security and bug fix update
2013-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2013-2256
2013-08-06 00:00:00
CVE-2013-4278
2013-09-16 00:00:00
CVE-2013-4261
2013-08-22 00:00:00
debiancve
debiancve
CVE-2013-4278
2013-09-16 19:14:00
CVE-2013-2256
2013-09-16 19:14:00
CVE-2013-4261
2013-10-29 22:55:00
prion
prion
Design/Logic Flaw
2013-09-16 19:14:00
Design/Logic Flaw
2013-09-16 19:14:00
Design/Logic Flaw
2013-10-29 22:55:00
github
github
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
2022-05-17 05:04:20
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
2022-05-14 01:58:46
OpenStack Nova Denial of Service in network source security groups
2022-05-14 01:59:13
cve
cve
CVE-2013-4278
2013-09-16 19:14:00
CVE-2013-2256
2013-09-16 19:14:00
CVE-2013-4261
2013-10-29 22:55:00
seebug
seebug
OpenStack Nova安全绕过漏洞
2013-08-11 00:00:00
OpenStack Nova拒绝服务漏洞(CVE-2013-4261)
2013-09-13 00:00:00
osv
osv
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
2022-05-14 01:58:46
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
2022-05-17 04:58:58
ubuntu
ubuntu
Cinder vulnerabilities
2013-10-23 00:00:00

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.3%

JSON
Related for USN-2000-1
securityvulns3openvas10nessus3fedora4veracode4redhat1ubuntucve5debiancve5prion5github4cve5seebug2osv2ubuntu1