16 matches found

Tenable Nessus
added 2026/02/21 12:0 a.m., 4 views

Debian dla-4486 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4486 advisory.
Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/...

8.2 CVSS, 5.6 AI score, 0.00019 EPSS
Exploits 0, References 4
Debian
added 2026/02/19 8:53 p.m., 5 views

[SECURITY] [DSA 6145-1] nova security update

Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq ...

8.2 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0
Tenable Nessus
added 2026/02/19 12:0 a.m., 5 views

Debian dsa-6145 : nova-api - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6145 advisory.
Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/...

8.2 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0, References 5
OSV
added 2026/02/18 6:30 p.m., 4 views

GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits 0, References 6
NVD
added 2026/02/18 6:24 p.m., 4 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 0.00019 EPSS
Exploits 0, References 3
CVE
added 2026/02/18 12:0 a.m., 22 views

CVE-2026-24708

CVE-2026-24708 affects OpenStack Nova (Flat image backend), where an attacker could cause unsafe image resize by writing a malicious QCOW header to a root or ephemeral disk, triggering qemu-img without a format restriction. Affected: Nova releases before 30.2.2, 31 before 31.2.1, and 32 before 32...

8.2 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/02/18 12:0 a.m., 5 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/18 12:0 a.m., 5 views

OpenStack Nova security vulnerability

OpenStack Nova is a core computing service component of the OpenStack open-source framework. Versions of OpenStack Nova prior to 30.2.2, 31.2.1, and 32.1.1 have security vulnerabilities. These vulnerabilities stem from the Flat image backend’s failure to apply format restrictions when processing...

8.2 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/02/18 12:0 a.m., 6 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/02/18 12:0 a.m., 22 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 0.00019 EPSS
Exploits 0, References 2
Debian CVE
added 2026/02/18 12:0 a.m., 7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2 CVSS, 5.3 AI score, 0.00019 EPSS
Exploits 0
NVD
added 2023/07/27 7:15 p.m., 9 views

CVE-2023-38495

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

9.8 CVSS, 8.9 AI score, 0.00323 EPSS
Exploits 1, References 2
CVE
added 2023/07/27 6:7 p.m., 55 views

CVE-2023-38495

Crossplane versions prior to 1.11.5, 1.12.3, and 1.13.0 have a flaw in the image backend where the byte contents of packages are not validated, allowing tampering to go undetected. The vulnerability is fixed in 1.11.5, 1.12.3, and 1.13.0. Workarounds include using images from trusted sources and ...

9.8 CVSS, 9.1 AI score, 0.00323 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2022/07/11 1:15 a.m., 1 views

CVE-2022-31561

The varijkapil13/SphereImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS, 7.3 AI score, 0.00465 EPSS
Exploits 0, References 1
CNNVD
added 2022/07/11 12:0 a.m., 4 views

Sphere_ImageBackend path traversal vulnerability

SphereImageBackend is an image processing repository by the individual developer Varij Kapil in Germany. A security vulnerability exists in SphereImageBackend version 2019-10-03 and earlier, which stems from an incorrect call to Flask's send_file function leading to absolute path traversal...

9.3 CVSS, 8.2 AI score, 0.00465 EPSS
Exploits 0, References 2
RedHat Linux
added 2020/03/31 9:13 p.m., 3 views

evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()

The tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image files...

5.5 CVSS, 7.3 AI score, 0.00438 EPSS
Exploits 0, References 4