Nova Security Vulnerabilities and Issues — Nova CVE List

Lucene search

OpenstackNova

10 matches found

CVE•added 2022/03/02 11:15 p.m.•184 views

CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

6.1CVSS6.1AI score0.89618EPSS

CVE•added 2019/08/09 7:15 p.m.•143 views

CVE-2019-14433

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive...

6.5CVSS6.1AI score0.00516EPSS

CVE•added 2015/09/08 3:59 p.m.•79 views

CVE-2015-3241

OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.

6.8CVSS7AI score0.03783EPSS

CVE•added 2024/07/05 2:15 a.m.•76 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to retur...

6.5CVSS6.3AI score0.00103EPSS

CVE•added 2013/09/16 7:14 p.m.•72 views

CVE-2013-2256

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by ...

6CVSS6AI score0.00342EPSS

CVE•added 2017/11/14 5:29 p.m.•72 views

CVE-2017-16239

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter...

6.5CVSS6.3AI score0.00385EPSS

CVE•added 2024/07/24 5:15 a.m.•70 views

CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file...

6.5CVSS6.5AI score0.00482EPSS

CVE•added 2015/10/26 5:59 p.m.•63 views

CVE-2015-3280

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

6.8CVSS6.1AI score0.01716EPSS

CVE•added 2011/12/23 10:55 p.m.•46 views

CVE-2011-4596

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

6CVSS5.5AI score0.01002EPSS

CVE•added 2014/10/15 2:55 p.m.•40 views

CVE-2014-8750

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

6.5CVSS6.3AI score0.01342EPSS