Lucene search
+L

31 matches found

CVE
CVE
added 2026/02/18 12:0 a.m.34 views

CVE-2026-24708

CVE-2026-24708 affects OpenStack Nova (Flat image backend), where an attacker could cause unsafe image resize by writing a malicious QCOW header to a root or ephemeral disk, triggering qemu-img without a format restriction. Affected: Nova releases before 30.2.2, 31 before 31.2.1, and 32 before 32...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/02/18 12:0 a.m.11 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.3AI score0.00341EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/18 12:0 a.m.27 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS0.00341EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/15 7:59 p.m.9 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.01025EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/01/31 12:0 a.m.43 views

Debian dla-3301 : cinder-api - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3301 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3301-1 [email protected] https://www.debian.org/lts/security/...

5.7CVSS6.7AI score0.01025EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/31 12:0 a.m.24 views

Ubuntu 20.04 LTS / 22.04 LTS : Cinder vulnerability (USN-5835-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5835-1 advisory. Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated...

5.7CVSS7.2AI score0.01025EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/01/27 12:0 a.m.34 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References8
FreeBSD
FreeBSD
added 2023/01/27 12:0 a.m.24 views

py-cinder -- unauthorized data access

Utkarsh Gupta reports: An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specif...

5.7CVSS5.4AI score0.01025EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/26 12:0 a.m.56 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.5AI score0.01025EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2023/01/25 5:37 a.m.45 views

CVE-2022-47951

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

7.7CVSS2.7AI score0.01025EPSS
Exploits1References4
Rows per page
Query Builder