GHSA-F5C8-M5VW-RMGQ nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

Impact In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoi...

Virtuozzo Hybrid Infrastructure 6.1 Update 1 Hotfix 8 (6.1.1-61)

This update provides stability fixes. Vulnerability id: VSTOR-90793 Volume resize fails when the Nova API is not upgraded. Vulnerability id: VSTOR-94387 A stability fix for the S3 service. Vulnerability id: VSTOR-94519 When a VM is shelved by a host evacuation task, its attached PCI devices are n...

Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...

Debian dla-3873 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3873 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1 [email protected]...

Debian dsa-5756 : nova-api - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5756 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 [email protected] https://www.debian.org/security/ Moritz...

Virtuozzo Hybrid Infrastructure 5.4 Update 4 (5.4.4-112)

This update delivers a new feature for the compute service, performance optimization for the object storage, as well as stability, security, and performance improvements. Vulnerability id: VSTOR-74916 VMs with Windows Server 2019, Windows Server 2022, and Windows 10 fail to boot after installatio...

XML External Entity (XXE)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language XML parser used by Nova. A remote attacker could use this flaw to sen...

Moderate: Red Hat Security Advisory: openstack-nova and python-novaclient security, bug fix, and enhancement update

An update for openstack-nova and python-novaclient is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

openstack-nova: RBAC policy not properly enforced in Nova EC2 API

It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 Amazon Elastic Compute Cloud API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using...

CVE-2012-1585

OpenStack Compute Nova Essex before 2011.3 allows remote authenticated users to cause a denial of service Nova-API log file and disk consumption via a long server name...