Lucene search
K
OpenstackNova

10 matches found

CVE
CVE
added 2022/03/02 12:0 a.m.219 views

CVE-2021-3654

The CVE-2021-3654 issue affects openstack-nova’s console proxy, noVNC, where crafting a malicious URL can trigger an open redirect to an attacker-controlled site. This could enable users to be redirected to a malicious page, potentially exposing sensitive information or enabling further actions. ...

6.1CVSS6.1AI score0.26792EPSS
CVE
CVE
added 2019/08/09 6:21 p.m.173 views

CVE-2019-14433

The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...

6.5CVSS6.1AI score0.01927EPSS
CVE
CVE
added 2024/07/24 12:0 a.m.119 views

CVE-2024-40767

CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...

6.5CVSS6.5AI score0.00941EPSS
CVE
CVE
added 2024/07/05 12:0 a.m.111 views

CVE-2024-32498

CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...

6.5CVSS6.3AI score0.00835EPSS
CVE
CVE
added 2015/09/08 3:0 p.m.105 views

CVE-2015-3241

OpenStack Nova is affected by CVE-2015-3241. The issue: during instance migration, deleting an instance does not terminate the migration, enabling an authenticated remote user to cause denial of service by resizing and deleting instances, consuming disk/network/resources. Affected releases includ...

6.8CVSS7AI score0.03451EPSS
CVE
CVE
added 2017/11/14 5:0 p.m.95 views

CVE-2017-16239

CVE-2017-16239 affects OpenStack Nova: when rebuilding an instance, authenticated users may bypass the Filter Scheduler (e.g., ImagePropertiesFilter, IsolatedHostsFilter), affecting all setups using the Nova Filter Scheduler across 14.x, 15.x, and 16.x branches. Root cause is a regression that al...

6.5CVSS6.3AI score0.0141EPSS
CVE
CVE
added 2013/09/16 7:0 p.m.89 views

CVE-2013-2256

CVE-2013-2256 concerns OpenStack Compute (Nova) where, prior to 2013.1.3 (and Havana prior to havana-2), the system did not properly enforce the os-flavor-access:is_public property. This allowed remote authenticated users to obtain flavor information, boot arbitrary flavors by guessing IDs, and p...

6CVSS6AI score0.01829EPSS
CVE
CVE
added 2015/10/26 5:0 p.m.84 views

CVE-2015-3280

OpenStack Compute (Nova) vulnerability CVE-2015-3280: when an authenticated user deletes an instance that is in the resize state, the original instance may not be deleted from the compute node, enabling a denial of service (disk depletion). This affects OpenStack Nova deployments such as OpenStac...

6.8CVSS6.1AI score0.03353EPSS
CVE
CVE
added 2011/12/23 10:0 p.m.68 views

CVE-2011-4596

OpenStack Nova vulnerability CVE-2011-4596 affects OpenStack Nova before 2011.3.1 when EC2 API and the S3/RegisterImage image-registration method are enabled. It allows remote authenticated users to overwrite arbitrary files via a crafted tarball or manifest. Impact details in the reference CVSS ...

6CVSS5.5AI score0.01941EPSS
CVE
CVE
added 2014/10/15 2:0 p.m.63 views

CVE-2014-8750

CVE-2014-8750 is a race condition in the OpenStack Nova VMware driver related to VNC port allocation. An authenticated user could cause two instances to receive the same VNC port, potentially exposing unauthorized consoles across tenants. Affected setups are those using the VMware driver with the...

6.5CVSS6.3AI score0.02027EPSS