Lucene search
K
OpenstackNova

7 matches found

CVE
CVE
added 2023/01/26 12:0 a.m.142 views

CVE-2022-47951

CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...

5.7CVSS5.1AI score0.01025EPSS
CVE
CVE
added 2019/11/26 3:53 a.m.108 views

CVE-2011-4076

OpenStack Nova before 2012.1 is affected: if a user possesses an EC2_ACCESS_KEY (like a username), they may derive the EC2_SECRET_KEY (password). Exposing the EC2_ACCESS_KEY over HTTP or via tools that enable MITM over HTTPS could allow an attacker to obtain the secret key; brute-forcing EC2_ACCE...

5.9CVSS5.3AI score0.01446EPSS
CVE
CVE
added 2016/04/12 2:0 p.m.90 views

CVE-2016-2140

CVE-2016-2140 concerns OpenStack Nova’s libvirt driver. When using raw storage with use_cow_images = false, crafted qcow2 headers could allow a remote authenticated user to read arbitrary files on the host via an ephemeral or root disk. The issue affects OpenStack Compute (Nova) releases prior to...

5.3CVSS5.1AI score0.02091EPSS
CVE
CVE
added 2015/10/29 8:0 p.m.88 views

CVE-2015-7713

CVE-2015-7713 affects OpenStack Nova. The vulnerability arises when security group changes are not correctly applied to already-running instances, allowing remote attackers to bypass intended network restrictions. Affected releases: OpenStack Nova before 2014.2.4 (juno) and before 2015.1.x before...

5CVSS5.4AI score0.0367EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.79 views

CVE-2015-0259

CVE-2015-0259 affects OpenStack Compute (Nova) prior to specific revisions (OpenStack Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3) where the websocket origin is not validated. This enables remote attackers to hijack a user’s authenticated session for console access via ...

5.1CVSS6.8AI score0.01068EPSS
CVE
CVE
added 2016/01/15 7:0 p.m.65 views

CVE-2015-8749

CVE-2015-8749 affects OpenStack Nova (Compute) when using the Xen backend. The function volume_utils._parse_volume_info can cause the StorageError message to include the connection_info dictionary, potentially exposing sensitive password information via logs or other vectors. Affected versions: O...

5.9CVSS5.7AI score0.02221EPSS
CVE
CVE
added 2019/12/05 4:9 p.m.61 views

CVE-2013-0326

Technical details about CVE-2013-0326 are not publicly available in the provided connected documents. Monitor for updates.

5.5CVSS5.5AI score0.00358EPSS