Lucene search
K

512 matches found

OSV
OSV
added 2024/07/24 6:31 a.m.18 views

GHSA-RM86-H44C-2R2M OpenStack Nova vulnerable to unauthorized access to potentially sensitive data

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

6.5CVSS6.3AI score0.00941EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2024/07/24 6:31 a.m.24 views

OpenStack Nova vulnerable to unauthorized access to potentially sensitive data

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

6.5CVSS6.4AI score0.00941EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2024/07/24 5:15 a.m.32 views

CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

6.5CVSS0.00941EPSS
Exploits1References5
CVE
CVE
added 2024/07/24 12:0 a.m.119 views

CVE-2024-40767

CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...

6.5CVSS6.5AI score0.00941EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/07/23 3:0 p.m.5 views

UBUNTU-CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

6.5CVSS6AI score0.00941EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/07/23 12:0 a.m.5 views

PT-2024-29030

Name of the Vulnerable Software and Affected Versions OpenStack Nova versions prior to 29.1.1 Description A medium severity issue affects OpenStack Nova, where crafted image paths can expose sensitive data, potentially leading to data theft risk. Recommendations For OpenStack Nova versions prior ...

6.5CVSS6.1AI score0.00941EPSS
Exploits1References25
OSV
OSV
added 2024/07/05 2:15 a.m.3 views

DEBIAN-CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

6.5CVSS6.4AI score0.00835EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/07/02 4:47 p.m.22 views

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6.7AI score0.00835EPSS
Exploits0References2
OSV
OSV
added 2024/07/02 3:0 p.m.6 views

UBUNTU-CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

6.5CVSS6AI score0.00835EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.3 views

PT-2024-24616

Name of the Vulnerable Software and Affected Versions OpenStack Cinder versions through 24.0.0 OpenStack Glance versions before 28.0.2 OpenStack Nova versions before 29.0.3 Description An issue was discovered in OpenStack, allowing arbitrary file access via custom QCOW2 external data. By supplyin...

7.1CVSS6.8AI score0.00835EPSS
Exploits0References65
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 6 : openstack-nova (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-nova/glance/cinder: Malicious image may exhaust resources CVE-2015-5162 - Rejected reason: DO N...

7.5CVSS7.3AI score0.03062EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.15 views

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-nova) (RHSA-2023:1015)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1015 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.32 views

RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-nova) (RHSA-2023:1278)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1278 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.31 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...

3.3CVSS6.5AI score0.00297EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.22 views

RHEL 7 : openstack-nova (RHSA-2019:2652)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2652 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

6.5CVSS6.5AI score0.01927EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.21 views

RHEL 7 : openstack-nova (RHSA-2018:0241)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0241 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

6.5CVSS6.1AI score0.0141EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.16 views

RHEL 7 : openstack-nova (RHSA-2018:2855)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2855 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

7.8CVSS7AI score0.03755EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.19 views

RHEL 7 : openstack-nova (RHSA-2019:2631)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2631 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

6.5CVSS6.5AI score0.01927EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.17 views

RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

6.5CVSS6.2AI score0.0141EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.17 views

RHEL 7 : openstack-nova (RHSA-2018:0314)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0314 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

6.5CVSS6.1AI score0.0141EPSS
Exploits0References11
Rows per page
Query Builder