VIR Vulnerability Intelligence Relay

Package impact

python PyPI / nova

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-7214 critical 9.8 9.8 9y ago OpenStack Nova logs sensitive context from notification exceptions susedebianpython
CVE-2017-17051 high 8.6 8.6 9y ago OpenStack Nova DoS by rebuilding the same instance with a new image multiple times debianpython
CVE-2015-5162 high 7.5 7.5 10y ago OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption susedebianpython
CVE-2013-7130 high 7.1 13y ago The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not prope… debianpython
CVE-2015-3241 medium 6.8 4y ago OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of … debianpython
CVE-2015-3280 medium 6.8 11y ago OpenStack Compute (nova) allows remote authenticated users to cause a denial of service debianpython
CVE-2017-16239 medium 6.5 6.5 9y ago OpenStack Nova Filter Scheduler Bypass susedebianpython
CVE-2013-4497 medium 6.4 4y ago The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows … debianpython
CVE-2013-2256 medium 6.0 4y ago OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive info… debianpython
CVE-2014-0167 medium 6.0 12y ago OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests debianpython
CVE-2013-0335 medium 6.0 13y ago OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t… ubuntudebianpython
CVE-2011-4596 medium 6.0 15y ago OpenStack Nova Multiple directory traversal vulnerabilities debianpython
CVE-2015-8749 medium 5.9 5.9 11y ago OpenStack Nova Potential Xen connection password leak via StorageError susedebianpython
CVE-2012-3361 medium 5.5 14y ago OpenStack Nova Arbitrary file injection/corruption through directory traversal issues debianpython
CVE-2012-3360 medium 5.5 14y ago OpenStack Nova Directory traversal vulnerability debianpython
CVE-2016-2140 medium 5.3 5.3 4y ago The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users … susedebianpython
CVE-2015-0259 medium 5.1 11y ago OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity debianpython
CVE-2013-6419 medium 5.0 4y ago Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive… debianpython
CVE-2015-7713 medium 5.0 4y ago OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by lever… debianpython
CVE-2012-3447 medium 4.9 14y ago virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an im… debianpython
CVE-2015-2687 medium 4.7 4.7 9y ago OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. debianpython
CVE-2012-2654 medium 4.3 4y ago The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc… debianpython
CVE-2014-3517 medium 4.3 12y ago OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability debianpython
CVE-2013-4179 medium 4.3 13y ago OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack debianpython
CVE-2012-5625 medium 4.3 14y ago OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which a… debianpython
CVE-2013-1838 medium 4.0 4y ago OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource… ubuntudebianpython
CVE-2014-3708 medium 4.0 4y ago OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re… susedebianpython
CVE-2014-8333 medium 4.0 12y ago OpenStack Nova VMware instance leak potentially leading to compute DoS debianredhatpython
CVE-2013-6437 medium 4.0 12y ago OpenStack Nova DoS through ephemeral disk backing files debianpython
CVE-2013-4185 medium 4.0 13y ago OpenStack Nova Denial of Service in network source security groups debianpython
CVE-2012-1585 medium 4.0 14y ago OpenStack Nova Long server names grow nova-api log files significantly debianpython
CVE-2013-4278 low 3.5 4y ago The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot… debianpython
CVE-2014-0134 low 3.5 12y ago The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authentica… debianpython
CVE-2012-3371 low 3.5 14y ago OpenStack Nova Scheduler denial of service through scheduler_hints debianpython
CVE-2012-2101 low 3.5 14y ago Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules debianpython
CVE-2013-7048 low 3.3 13y ago OpenStack Nova live snapshots use an insecure local directory debianpython
CVE-2014-3608 low 2.7 12y ago OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service debianpython
CVE-2014-2573 low 2.3 12y ago The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denia… debianpython
CVE-2013-4463 low 2.1 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumpti… debianpython
CVE-2013-2096 low 2.1 13y ago OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image susedebianpython
CVE-2013-4469 low 1.9 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (ho… debianpython
CVE-2026-24708 unknown 3mo ago OpenStack Nova calls qemu-img without format restrictions for resize debianpython
CVE-2024-40767 unknown 2y ago OpenStack Nova vulnerable to unauthorized access to potentially sensitive data debianpython
CVE-2024-32498 unknown 2y ago OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access debianpython
CVE-2022-47951 unknown 3y ago An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0… debiansusepython
CVE-2022-37394 unknown 4y ago OpenStack Nova Changing vnic_type breaks compute service restart susedebianpython
CVE-2020-17376 unknown 4y ago An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously under… susedebianpython
CVE-2015-9543 unknown 4y ago An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs … susedebianpython
CVE-2019-14433 unknown 4y ago An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external excepti… susedebianpython
CVE-2017-18191 unknown 4y ago OpenStack Nova Denial of service attack on the compute host susedebianpython
CVE-2011-4076 unknown 4y ago OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor debianpython
CVE-2011-3147 unknown 4y ago Openstack nova qcow format could expose host filesystem information debianpython
CVE-2021-3654 unknown 4y ago Open Redirect in CPython that affects users of OpenStack Nova susedebianpython