VIR Vulnerability Intelligence Relay

Package impact

python PyPI / nova

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-7214 critical 9.8 9.8 9y ago OpenStack Nova logs sensitive context from notification exceptions susedebianpython
CVE-2017-17051 high 8.6 8.6 9y ago OpenStack Nova DoS by rebuilding the same instance with a new image multiple times debianpython
CVE-2015-5162 high 7.5 7.5 10y ago OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption susedebianpython
CVE-2013-7130 high 7.1 13y ago The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not prope… debianpython
CVE-2015-3241 medium 6.8 4y ago OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of … debianpython
CVE-2015-3280 medium 6.8 11y ago OpenStack Compute (nova) allows remote authenticated users to cause a denial of service debianpython
CVE-2017-16239 medium 6.5 6.5 9y ago OpenStack Nova Filter Scheduler Bypass susedebianpython
CVE-2013-4497 medium 6.4 4y ago The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows … debianpython
CVE-2013-2256 medium 6.0 4y ago OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive info… debianpython
CVE-2014-0167 medium 6.0 12y ago OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests debianpython
CVE-2013-0335 medium 6.0 13y ago OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t… ubuntudebianpython
CVE-2011-4596 medium 6.0 15y ago OpenStack Nova Multiple directory traversal vulnerabilities debianpython
CVE-2015-8749 medium 5.9 5.9 11y ago OpenStack Nova Potential Xen connection password leak via StorageError susedebianpython
CVE-2012-3361 medium 5.5 14y ago OpenStack Nova Arbitrary file injection/corruption through directory traversal issues debianpython
CVE-2012-3360 medium 5.5 14y ago OpenStack Nova Directory traversal vulnerability debianpython
CVE-2016-2140 medium 5.3 5.3 4y ago The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users … susedebianpython
CVE-2015-0259 medium 5.1 11y ago OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity debianpython
CVE-2013-6419 medium 5.0 4y ago Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive… debianpython
CVE-2015-7713 medium 5.0 4y ago OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by lever… debianpython
CVE-2012-3447 medium 4.9 14y ago virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an im… debianpython
CVE-2015-2687 medium 4.7 4.7 9y ago OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. debianpython
CVE-2012-2654 medium 4.3 4y ago The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc… debianpython
CVE-2014-3517 medium 4.3 12y ago OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability debianpython
CVE-2013-4179 medium 4.3 13y ago OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack debianpython
CVE-2012-5625 medium 4.3 14y ago OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which a… debianpython
CVE-2013-1838 medium 4.0 4y ago OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource… ubuntudebianpython
CVE-2014-3708 medium 4.0 4y ago OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re… susedebianpython
CVE-2014-8333 medium 4.0 12y ago OpenStack Nova VMware instance leak potentially leading to compute DoS debianredhatpython
CVE-2013-6437 medium 4.0 12y ago OpenStack Nova DoS through ephemeral disk backing files debianpython
CVE-2013-4185 medium 4.0 13y ago OpenStack Nova Denial of Service in network source security groups debianpython
CVE-2012-1585 medium 4.0 14y ago OpenStack Nova Long server names grow nova-api log files significantly debianpython