
1833 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. | 12 views

PT-2026-37175

Name of the Vulnerable Software and Affected Versions: nova-toggle-5 versions prior to 1.3.0. Description: The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/resource/resourceId" was protected only by web and auth: middleware. This allowed any user authenticated on the configured guard to fli...

CVSS 6.5 | AI score 6 | EPSS 0.00201
Exploits 0 | References 7
GitLab Advisory Database
added 2026/04/24 12:0 a.m. | 24 views

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...

CVSS 6.5 | AI score 6 | EPSS 0.00201
Exploits 0 | References 5 | Affected Software 1
GitLab Advisory Database
added 2026/04/24 12:0 a.m. | 10 views

nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

In versions middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself for example, frontend customers sharing the web guard with the Nova admin area. The endpoint also...

AI score 5.6
Exploits 0 | References 5 | Affected Software 1
Wolfi
added 2026/04/11 2:51 a.m. | 7 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: temporal, aws-privateca-issuer, aws-load-balancer-controller, polaris, grafana-rollout-operator, nova, secrets-store-csi-driver-provider-aws, flux-notification-controller, gh, clickhouse-operator, go, mariadb-operator, sftpgo-plugin-eventsearch,...

AI score 5.8
Exploits 0
OpenVAS
added 2026/02/23 12:0 a.m. | 5 views

Debian: Security Advisory (DLA-4486-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2 | AI score 5.4 | EPSS 0.00341
Exploits 0 | References 2
Debian
added 2026/02/21 2:42 a.m. | 7 views

[SECURITY] [DLA 4486-1] nova security update

Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS Package : nova Version : 2:22.4.0-1deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud...

CVSS 8.2 | AI score 5.8 | EPSS 0.00341
Exploits 0
Tenable Nessus
added 2026/02/21 12:0 a.m. | 4 views

Debian dla-4486 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4486 advisory. Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8.2 | AI score 5.6 | EPSS 0.00341
Exploits 0 | References 4
OSV
added 2026/02/20 12:0 a.m. | 6 views

DLA-4486-1 nova - security update

Bulletin has no description...

CVSS 8.2 | AI score 4.9 | EPSS 0.00341
Exploits 0
OpenVAS
added 2026/02/20 12:0 a.m. | 4 views

Debian: Security Advisory (DSA-6145-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 2
Debian
added 2026/02/19 8:53 p.m. | 6 views

[SECURITY] [DSA 6145-1] nova security update

Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq -...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0
OSV
added 2026/02/19 12:0 a.m. | 4 views

DSA-6145-1 nova - security update

Bulletin has no description...

CVSS 8.2 | AI score 5.1 | EPSS 0.00341
Exploits 0
Tenable Nessus
added 2026/02/19 12:0 a.m. | 6 views

Debian dsa-6145 : nova-api - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6145 advisory. Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 5
OpenVAS
added 2026/02/19 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-8049-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 2
Github Security Blog
added 2026/02/18 6:30 p.m. | 10 views

OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/02/18 6:30 p.m. | 5 views

GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2 | AI score 5.9 | EPSS 0.00341
Exploits 0 | References 6
NVD
added 2026/02/18 6:24 p.m. | 6 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2 | EPSS 0.00341
Exploits 0 | References 7
RedhatCVE
added 2026/02/18 5:44 a.m. | 8 views

CVE-2026-24708

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

CVSS 8.2 | AI score 5.4 | EPSS 0.00341
Exploits 0 | References 4
Vulnrichment
added 2026/02/18 12:0 a.m. | 6 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 2
CNNVD
added 2026/02/18 12:0 a.m. | 7 views

OpenStack Nova Security Vulnerability

OpenStack Nova is a core computing service component of the OpenStack open-source framework. Versions of OpenStack Nova prior to 30.2.2, 31.2.1, and 32.1.1 have security vulnerabilities. These vulnerabilities stem from the Flat image backend’s failure to apply format restrictions when processing...

CVSS 8.2 | AI score 5.8 | EPSS 0.00341
Exploits 0 | References 3
ATTACKERKB
added 2026/02/18 12:0 a.m. | 7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS 8.2 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 3 | Affected Software 1