CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

CVE-2024-40767

CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...

UBUNTU-CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

PT-2024-29030 · Openstack +2 · Openstack Nova +2

Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions prior to 29.1.1 Description: A medium severity issue affects OpenStack Nova, where crafted image paths can expose sensitive data, potentially leading to data theft risk. Recommendations: For OpenStack Nova versions pri...

DEBIAN-CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

UBUNTU-CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

PT-2024-24616 · Openstack +2 · Openstack Cinder +4

Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions through 24.0.0 OpenStack Glance versions before 28.0.2 OpenStack Nova versions before 29.0.3 Description: An issue was discovered in OpenStack, allowing arbitrary file access via custom QCOW2 external data. By...

RHEL 6 : openstack-nova (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-nova/glance/cinder: Malicious image may exhaust resources CVE-2015-5162 - Rejected reason: DO N...

RHEL 7 : openstack-nova (RHSA-2019:2652)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2652 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...

RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-nova) (RHSA-2023:1278)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1278 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant...

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-nova) (RHSA-2023:1015)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1015 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...

RHEL 7 : openstack-nova (RHSA-2018:0241)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0241 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2018:0314)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0314 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2018:2855)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2855 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2018:2714)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2714 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2019:2622)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2622 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2019:2631)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2631 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova and python-novaclient (RHSA-2018:0369)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0369 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...