4 matches found
CVE-2015-5162
CVE-2015-5162 affects OpenStack components OpenStack Cinder, Glance, and Nova where the image parser does not properly limit qemu-img calls. This can allow an unprivileged user to trigger a denial of service through crafted disk images, consuming RAM and disk space on the compute host. Affected v...
CVE-2016-2140
CVE-2016-2140 concerns OpenStack Nova’s libvirt driver. When using raw storage with use_cow_images = false, crafted qcow2 headers could allow a remote authenticated user to read arbitrary files on the host via an ephemeral or root disk. The issue affects OpenStack Compute (Nova) releases prior to...
CVE-2015-7548
CVE-2015-7548 affects OpenStack Nova (Kilo/liberty branch) and allows a local authenticated user to read host files by overwriting an instance disk with a crafted image and requesting a snapshot. The root cause is in the instance snapshot flow when using libvirt/early Nova code paths, enabling ar...
CVE-2015-8749
CVE-2015-8749 affects OpenStack Nova (Compute) when using the Xen backend. The function volume_utils._parse_volume_info can cause the StorageError message to include the connection_info dictionary, potentially exposing sensitive password information via logs or other vectors. Affected versions: O...