AZL-78282 CVE-2026-27211 affecting package cloud-hypervisor 48.0.246-1

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

CVE-2026-24708

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

EUVD-2022-2346

Malicious code in bioql PyPI...

FreeBSD : py-cinder -- data leak (f4a94232-7864-4afb-bbf9-ff2dc8e288d1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f4a94232-7864-4afb-bbf9-ff2dc8e288d1 advisory. - The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote...

SUSE CVE-2014-3641

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

SUSE CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

Arbitrary File Read

openstack-nova is vulnerable to arbitrary file read attacks. The vulnerability exists as the libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary...

DEBIAN-CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

Code injection

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

PT-2016-5023 · Openstack +1 · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2015.1.4 kilo OpenStack Compute Nova versions 12.0.x prior to 12.0.3 liberty Description: The issue allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral ...

UBUNTU-CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

openstack-glance: Glance v2 API host file disclosure through qcow2 backing file

A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...

openstack-cinder: Cinder-volume host data leak to virtual machine instance

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

DEBIAN-CVE-2014-3641

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

PT-2014-5432 · Linux Foundation +3 · Smbfs +4

Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions prior to 2014.1.3 Description: The issue allows remote authenticated users to obtain file data from the Cinder-volume host. This is achieved by cloning and attaching a volume with a crafted qcow2 header, exploiting t...

UBUNTU-CVE-2014-3641

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...