OpenStack Nova 2011.3

CPE Details

OpenStack Nova 2011.3
openstack
nova
2011.3
2018-11-14
17h23 +00:00
2018-11-14
17h23 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

nova

Version

2011.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2011-4076 2019-11-26 02h53 +00:00 OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
5.9
Medium
CVE-2011-3147 2019-04-22 15h35 +00:00 Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
8.6
High
CVE-2012-2101 2012-06-07 17h00 +00:00 Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
3.5
CVE-2012-0030 2012-01-13 17h00 +00:00 Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
4.9
CVE-2011-4596 2011-12-23 22h00 +00:00 Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
6