The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.