Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5866-1
HistoryFeb 13, 2023 - 10:41 a.m.

nova vulnerabilities

2023-02-1310:41:19
Google
osv.dev
6
nova
ubuntu
sensitive information
denial of service
cve-2015-9543
cve-2017-18191
cve-2020-17376
cve-2021-3654
cve-2022-37394

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

6.6 Medium

AI Score

Confidence

High

0.926 High

EPSS

Percentile

99.0%

JSON

It was discovered that Nova did not properly manage data logged into the
log file. An attacker with read access to the service’s logs could exploit
this issue and may obtain sensitive information. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543)

It was discovered that Nova did not properly handle attaching and
reattaching the encrypted volume. An attacker could possibly use this issue
to perform a denial of service attack. This issue only affected Ubuntu
16.04 ESM. (CVE-2017-18191)

It was discovered that Nova did not properly handle the updation of domain
XML after live migration. An attacker could possibly use this issue to
corrupt the volume or perform a denial of service attack. This issue only
affected Ubuntu 18.04 LTS. (CVE-2020-17376)

It was discovered that Nova was not properly validating the URL passed to
noVNC. An attacker could possibly use this issue by providing malicious URL
to the noVNC proxy to redirect to any desired URL. This issue only affected
Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-3654)

It was discovered that Nova did not properly handle changes in the neutron
port of vnic_type type. An authenticated user could possibly use this issue
to perform a denial of service attack. This issue only affected Ubuntu
20.04 LTS. (CVE-2022-37394)

Related

nessus 12
openvas 1
ubuntu 1
cve 5
redhat 11
ubuntucve 5
prion 5
cvelist 5
veracode 5
ibm 2
redhatcve 4
debiancve 5
osv 7
nvd 5
github 5
nuclei 1
gentoo 1
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Nova vulnerabilities (USN-5866-1)
2023-02-13 00:00:00
RHEL 7 : openstack-nova (RHSA-2018:2855)
2024-04-27 00:00:00
RHEL 8 : openstack-nova (RHSA-2020:3702)
2020-09-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5866-1)
2023-02-14 00:00:00
ubuntu
ubuntu
Nova vulnerabilities
2023-02-13 00:00:00
cve
cve
CVE-2015-9543
2020-02-19 03:15:10
CVE-2017-18191
2018-02-19 17:29:00
CVE-2020-17376
2020-08-26 19:15:14
redhat
redhat
(RHSA-2018:2855) Moderate: openstack-nova security and bug fix update
2018-10-02 18:36:09
(RHSA-2018:2714) Moderate: openstack-nova security and bug fix update
2018-09-17 16:35:53
(RHSA-2018:2332) Moderate: openstack-nova security, bug fix, and enhancement update
2018-08-20 12:40:14
ubuntucve
ubuntucve
CVE-2017-18191
2018-02-19 00:00:00
CVE-2015-9543
2020-02-19 00:00:00
CVE-2020-17376
2020-08-26 00:00:00
prion
prion
Design/Logic Flaw
2018-02-19 17:29:00
Design/Logic Flaw
2022-08-03 07:15:00
Design/Logic Flaw
2020-08-26 19:15:00
cvelist
cvelist
CVE-2017-18191
2018-02-19 17:00:00
CVE-2015-9543
2020-02-19 02:11:06
CVE-2022-37394
2022-08-03 06:43:44
veracode
veracode
Information Disclosure
2020-02-28 05:13:49
Denial Of Service (DoS)
2019-01-15 09:24:25
Authorization Bypass
2020-08-27 03:57:23
ibm
ibm
Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543)
2020-06-22 05:03:44
Security Bulletin: Openstack Compute (Nova) noVNC proxy
2021-10-26 20:39:48
redhatcve
redhatcve
CVE-2017-18191
2019-10-09 03:48:49
CVE-2020-17376
2020-08-25 15:34:10
CVE-2022-37394
2022-08-10 16:39:59
debiancve
debiancve
CVE-2017-18191
2018-02-19 17:29:00
CVE-2020-17376
2020-08-26 19:15:14
CVE-2022-37394
2022-08-03 07:15:07
osv
osv
CVE-2017-18191
2018-02-19 17:29:00
PYSEC-2020-243
2020-08-26 19:15:00
CVE-2020-17376
2020-08-26 19:15:14
nvd
nvd
CVE-2017-18191
2018-02-19 17:29:00
CVE-2015-9543
2020-02-19 03:15:10
CVE-2020-17376
2020-08-26 19:15:14
github
github
OpenStack Nova Live migration fails to update persistent domain XML
2022-05-24 17:26:41
OpenStack Nova Denial of service attack on the compute host
2022-05-13 01:44:36
OpenStack Nova Changing vnic_type breaks compute service restart
2022-08-04 00:00:26
nuclei
nuclei
Nova noVNC - Open Redirect
2021-09-28 01:53:50
gentoo
gentoo
Python, PyPy3: Multiple Vulnerabilities
2023-05-03 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

6.6 Medium

AI Score

Confidence

High

0.926 High

EPSS

Percentile

99.0%

JSON
Related for OSV:USN-5866-1
nessus12openvas1ubuntu1cve5redhat11ubuntucve5prion5cvelist5veracode5ibm2redhatcve4debiancve5osv7nvd5github5nuclei1gentoo1