Все бюллетени/sisyphus/ALT-PU-2015-2852-1
ALT-PU-2015-2852-1

Обновление пакета openstack-nova в ветке sisyphus

Версия2015.1.0-alt0.b2.0
Задание#141666
Опубликовано2015-03-18
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (12)

CVE-2014-3608
LOW2.7

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

Опубликовано: 2014-10-06Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.7
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P
Ссылки
CVE-2014-3708
MEDIUM4.0

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

Опубликовано: 2014-10-31Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
Ссылки
CVE-2014-7230
LOW2.1

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Опубликовано: 2014-10-08Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2014-7231
LOW2.1

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Опубликовано: 2014-10-08Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2014-8333
MEDIUM4.0

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

Опубликовано: 2014-10-31Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
Ссылки
CVE-2014-8750
MEDIUM6.5

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

Опубликовано: 2014-10-15Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P
Ссылки
CVE-2015-0259
MEDIUM5.1

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

Опубликовано: 2015-04-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 5.1
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P
Ссылки
GHSA-43hc-pwvx-pmfg
NONE

OpenStack Compute (Nova) Denial of Service vulnerability

Опубликовано: 2022-05-14Изменено: 2023-02-08
Ссылки
GHSA-92hc-c226-32q7
NONE

OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service

Опубликовано: 2022-05-14Изменено: 2023-02-08
Ссылки
GHSA-g63p-mfcm-54c4
NONE

OpenStack Nova VMware instance leak potentially leading to compute DoS

Опубликовано: 2022-05-14Изменено: 2024-05-15
Ссылки
GHSA-v933-vx5p-j7w2
NONE

OpenStack Oslo utility sensitive information exposure via log files

Опубликовано: 2022-05-14Изменено: 2024-05-15
Ссылки
GHSA-x8xr-rm9r-7mvf
NONE

OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity

Опубликовано: 2022-05-14Изменено: 2023-02-08
Ссылки