10 matches found
CVE-2021-3654
The CVE-2021-3654 issue affects openstack-nova’s console proxy, noVNC, where crafting a malicious URL can trigger an open redirect to an attacker-controlled site. This could enable users to be redirected to a malicious page, potentially exposing sensitive information or enabling further actions. ...
CVE-2019-14433
The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...
CVE-2024-40767
CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...
CVE-2024-32498
CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...
CVE-2015-3241
OpenStack Nova is affected by CVE-2015-3241. The issue: during instance migration, deleting an instance does not terminate the migration, enabling an authenticated remote user to cause denial of service by resizing and deleting instances, consuming disk/network/resources. Affected releases includ...
CVE-2017-16239
CVE-2017-16239 affects OpenStack Nova: when rebuilding an instance, authenticated users may bypass the Filter Scheduler (e.g., ImagePropertiesFilter, IsolatedHostsFilter), affecting all setups using the Nova Filter Scheduler across 14.x, 15.x, and 16.x branches. Root cause is a regression that al...
CVE-2013-2256
CVE-2013-2256 concerns OpenStack Compute (Nova) where, prior to 2013.1.3 (and Havana prior to havana-2), the system did not properly enforce the os-flavor-access:is_public property. This allowed remote authenticated users to obtain flavor information, boot arbitrary flavors by guessing IDs, and p...
CVE-2015-3280
OpenStack Compute (Nova) vulnerability CVE-2015-3280: when an authenticated user deletes an instance that is in the resize state, the original instance may not be deleted from the compute node, enabling a denial of service (disk depletion). This affects OpenStack Nova deployments such as OpenStac...
CVE-2011-4596
OpenStack Nova vulnerability CVE-2011-4596 affects OpenStack Nova before 2011.3.1 when EC2 API and the S3/RegisterImage image-registration method are enabled. It allows remote authenticated users to overwrite arbitrary files via a crafted tarball or manifest. Impact details in the reference CVSS ...
CVE-2014-8750
CVE-2014-8750 is a race condition in the OpenStack Nova VMware driver related to VNC port allocation. An authenticated user could cause two instances to receive the same VNC port, potentially exposing unauthorized consoles across tenants. Affected setups are those using the VMware driver with the...