Pádraig Brady

Researcher fromRed Hat
#12366of 53,633
22Total CVSS
Vulnerabilities · 4
Low
1
Medium
1
High
2
PT-2020-7843
7.5
2015-07-05
Gnu · Gnu Coreutils · CVE-2015-4042
Name of the Vulnerable Software and Affected Versions: GNU Coreutils versions through 8.23 Description: The issue is related to an integer overflow in the keycompare mb function in sort.c, which might allow attackers to cause a denial of service, such as an application crash, or possibly have other unspecified impacts via long strings. Recommendations: For GNU Coreutils versions through 8.23, update to a version later than 8.23 to resolve the issue.
PT-2013-5030
1.9
2013-11-02
Openstack · Openstack Compute · CVE-2013-4469
**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions Folsom through Havana **Description** The issue allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance, when `use cow images` is set to `False`. This occurs because the virtual size of a QCOW2 image is not verified. **Recommendations** For OpenStack Compute (Nova) versions Folsom through Havana, as a temporary workaround, consider setting `use cow images` to `True` to mitigate the risk of exploitation. Restrict access to transferring images from Glance to minimize the risk of host file system disk consumption.
PT-2012-4720
7.1
2012-08-20
Openstack · Openstack Compute · CVE-2012-3447
**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1 OpenStack Compute (Nova) versions Folsom through Folsom-2 **Description** The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. This problem exists due to an incomplete fix. **Recommendations** For OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1, update to version 2012.1.2 or later. For OpenStack Compute (Nova) versions Folsom through Folsom-2, update to Folsom-3 or later. As a temporary workaround, consider restricting access to the `virt/disk/api.py` module to minimize the risk of exploitation.
PT-2012-4663
5.5
2012-07-22
Openstack · Openstack Compute · CVE-2012-3361
**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2011.3 through 2012.2 **Description** The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. This is possible due to a flaw in the `virt/disk/api.py` module. **Recommendations** For OpenStack Compute (Nova) versions 2011.3 through 2012.2, consider restricting access to the `virt/disk/api.py` module to minimize the risk of exploitation. As a temporary workaround, avoid using the `virt/disk/api.py` module until a patch is available.