Openstack

Compute

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2013-2255

  • EPSS 0.41%
  • Veröffentlicht 01.11.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 01:51:20

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

4.7

CVE-2015-2687

  • EPSS 0.05%
  • Veröffentlicht 09.08.2017 18:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

3.5

CVE-2014-0134

  • EPSS 0.2%
  • Veröffentlicht 08.05.2014 14:29:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by ove...

6

CVE-2014-0167

  • EPSS 0.38%
  • Veröffentlicht 15.04.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compu...

2.3

CVE-2014-2573

  • EPSS 0.11%
  • Veröffentlicht 25.03.2014 16:55:28
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting t...

7.1

CVE-2013-7130

  • EPSS 2.54%
  • Veröffentlicht 06.02.2014 17:00:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attacke...

2.1

CVE-2013-2030

  • EPSS 0.04%
  • Veröffentlicht 27.12.2013 01:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, ...

4

CVE-2013-4185

Exploit
  • EPSS 0.37%
  • Veröffentlicht 29.10.2013 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (n...

3.5

CVE-2013-4278

  • EPSS 0.2%
  • Veröffentlicht 16.09.2013 19:14:39
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE...

4.3

CVE-2013-4179

Exploit
  • EPSS 0.67%
  • Veröffentlicht 16.09.2013 19:14:38
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this...