Debian dla-4486 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4486 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/...

USN-8049-1 nova vulnerability

Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...

USN-8049-1: Nova vulnerability

Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...

EUVD-2004-2444

Malware in sbrugna...

EUVD-2022-1881

Malicious code in bioql PyPI...

EUVD-2022-3763

Malicious code in bioql PyPI...

USN-6911-1 nova vulnerability

Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

UBUNTU-CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Nova vulnerability (USN-6911-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6911-1 advisory. Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Nova vulnerability (USN-6884-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6884-1 advisory. Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Nova vulnerability (USN-6073-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6073-3 advisory. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could...

USN-5835-5 nova vulnerability

USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker cou...

USN-5835-3 nova vulnerability

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...

Ubuntu 20.04 LTS / 22.04 LTS : Nova vulnerability (USN-5835-3)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5835-3 advisory. Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated...

Debian dla-3109 : nova-api - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3109 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3109-1 [email protected] https://www.debian.org/lts/security/...

DEBIAN-CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA of the U.S. OpenStack Nova is one of the cloud computing construct controllers written in Python and is part of the IaaS system. A security vulnerability exists in OpenStack Nova versions...

GHSA-PH2H-HH49-VH27 OpenStack Nova Denial of Service in network source security groups

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

GHSA-FFMH-R67W-M88F OpenStack Nova Denial of service attack on the compute host

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...

CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...