Lucene search
K
OpenstackNova

5 matches found

CVE
CVE
added 2022/08/03 6:43 a.m.119 views

CVE-2022-37394

CVE-2022-37394 (OpenStack Nova) : An issue in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2 allows an authenticated user to cause a compute service denial of service. The attack sequence is: create a Neutron port with the direct vnic_type, create an instance bound to th...

3.3CVSS3.9AI score0.00297EPSS
CVE
CVE
added 2020/02/19 2:11 a.m.105 views

CVE-2015-9543

OpenStack Nova up to 18.2.4, 19.x up to 19.1.0, and 20.x up to 20.1.0 is vulnerable to leaking consoleauth tokens into log files when using novncproxy. The issue is tied to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. A user with read access to the service logs c...

3.3CVSS3.9AI score0.00407EPSS
CVE
CVE
added 2014/01/23 9:0 p.m.78 views

CVE-2013-7048

CVE-2013-7048 affects OpenStack Nova (Grizzly 2013.1.4, Havana 2013.2.1 and earlier). The libvirt/live-snapshot path permissions were world-writable/world-readable in the temporary directory used for live snapshots, allowing a local attacker with shell access to read and modify snapshots before u...

3.3CVSS6AI score0.00475EPSS
CVE
CVE
added 2016/01/12 7:0 p.m.78 views

CVE-2015-7548

CVE-2015-7548 affects OpenStack Nova (Kilo/liberty branch) and allows a local authenticated user to read host files by overwriting an instance disk with a crafted image and requesting a snapshot. The root cause is in the instance snapshot flow when using libvirt/early Nova code paths, enabling ar...

3.5CVSS4AI score0.01803EPSS
CVE
CVE
added 2012/06/07 7:0 p.m.56 views

CVE-2012-2101

OpenStack Compute (Nova) in Folsom, 2012.1, and 2011.3, is vulnerable because it does not cap the number of security group rules. This allows remote authenticated users with certain permissions to trigger a denial of service by issuing a network request that creates a large number of iptables rul...

3.5CVSS6.1AI score0.0148EPSS