Lucene search
K

21 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-868 OpenStack Cinder, glance, and Nova vulnerable to Path Traversal

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7CVSS7.1AI score0.01025EPSS
Exploits1References11
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS...

5.1CVSS7.1AI score0.00114EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/02/25 9:3 a.m.8 views

Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

...

10CVSS5.9AI score0.005EPSS
Exploits1
OSV
OSV
added 2026/02/19 6:25 p.m.7 views

UBUNTU-CVE-2026-2243

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS...

5.1CVSS5.7AI score0.00114EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29054

Malicious code in bioql PyPI...

3.8CVSS7.7AI score0.00209EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-47951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before...

5.7CVSS6.7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2025/07/08 5:15 p.m.5 views

CVE-2025-47971

Buffer over-read in Virtual Hard Disk VHDX allows an unauthorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 9:15 p.m.9 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS0.00209EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 9:15 p.m.4 views

UBUNTU-CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS5.8AI score0.00209EPSS
Exploits0References3
CVE
CVE
added 2025/02/14 8:16 p.m.120 views

CVE-2024-31144

CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...

3.8CVSS6AI score0.00209EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/14 8:16 p.m.9 views

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

6.3AI score0.00209EPSS
Exploits0References1
Citrix
Citrix
added 2024/07/14 12:0 a.m.6 views

Xenserver Storage: Comprehensive Guide

Introduction This article will assist you in resolving issues with unavailable VDI Virtual Disk Image. Overview of the Issue In different situations, XenServer experiences issues with starting VM’s , taking a snapshot or scan of SR’s and failing with error “VDI is not available ”. This article wi...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/07/09 12:14 p.m.4 views

OpenStack: malicious qcow2/vmdk images

An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...

6.5CVSS6AI score0.00835EPSS
Exploits0References6
Citrix
Citrix
added 2023/08/16 12:0 a.m.13 views

Add New VMs to MCS catalog Failed with Error "CreateClone Failed: No Virtual Disk Image Exists"

Received an Inner Error when adding new VMs to an existing MCS catalog: CreateClone failed: no virtual disk image exists with ID 'xxxx'...

7.1AI score
Exploits0
OSV
OSV
added 2023/02/09 2:44 p.m.7 views

USN-5835-5 nova vulnerability

USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker cou...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2023/02/09 12:26 p.m.5 views

USN-5835-4 cinder vulnerability

USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectl...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2023/01/31 1:15 p.m.6 views

USN-5835-3 nova vulnerability

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2023/01/31 1:11 p.m.4 views

USN-5835-1 cinder vulnerability

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2023/01/31 1:7 p.m.3 views

USN-5835-2 glance vulnerability

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive...

5.7CVSS7AI score0.01025EPSS
Exploits1References2
OSV
OSV
added 2023/01/27 12:0 a.m.5 views

UBUNTU-CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References9
Rows per page
Query Builder