Lucene search
+L

6 matches found

Vulnrichment
Vulnrichment
added 2026/02/21 5:36 a.m.3 views

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

9.1CVSS5.5AI score0.005EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/08/08 7:27 a.m.24 views

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...

6.5CVSS5.8AI score0.00941EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/07 1:21 p.m.18 views

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...

6.5CVSS5.8AI score0.00941EPSS
Exploits1References5
OSV
OSV
added 2015/08/19 3:59 p.m.3 views

DEBIAN-CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

3.5CVSS6.7AI score0.01499EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/08/19 12:0 a.m.2 views

PT-2015-6790 · Openstack · Openstack Image Service

Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions 2015.1.x before 2015.1.2 kilo Description: The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API. Recommendations: For...

7.1CVSS6.1AI score0.01499EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2015/07/02 9:30 p.m.11 views

openstack-cinder: Host file disclosure through qcow2 backing file

A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...

6.8CVSS5.8AI score0.02618EPSS
Exploits0References4
Rows per page
Query Builder