Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack compute - vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2017-15114
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equi...
Redhat Openstack Platform 12.0
605
VMScore
CVE-2015-3280
OpenStack Compute (nova) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Openstack Nova
578
VMScore
CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4 and 2014.2 prior to 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Openstack Nova
Openstack Nova 2014.2
578
VMScore
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Openstack Essex -
Openstack Folsom -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
570
VMScore
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana prior to 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote malicious users to bypass intended restrictions.
Openstack Havana Havana-2
Openstack Havana Havana-1
Openstack Havana
Openstack Grizzly -
Openstack Folsom -
534
VMScore
CVE-2013-0335
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Openstack Essex 2012.1
Openstack Grizzly 2012.2
Openstack Folsom 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
490
VMScore
CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of...
Openstack Folsom 2012.2
Openstack Essex 2012.1
490
VMScore
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Diablo 2011.3
446
VMScore
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote malicious users to cause a denial of service (resource consump...
Openstack Cinder Folsom -
Openstack Keystone Essex -
Openstack Folsom -
Openstack Grizzly -
Openstack Compute \\(nova\\) Essex -
Openstack Compute \\(nova\\) Folsom -
436
VMScore
CVE-2012-3447
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x prior to 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability...
Openstack Nova 2012.1
Openstack Folsom
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »