Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack nova vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-7214
An issue exists in exception_wrapper.py in OpenStack Nova 13.x up to and including 13.1.3, 14.x up to and including 14.0.4, and 15.x up to and including 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account ...
Openstack Nova 13.0.0
Openstack Nova 14.0.0
Openstack Nova 14.0.3
Openstack Nova 15.0.0
Openstack Nova 13.1.1
Openstack Nova 14.0.1
Openstack Nova 14.0.2
Openstack Nova 14.0.4
Openstack Nova 13.1.2
Openstack Nova 13.1.3
Openstack Nova 15.0.1
Openstack Nova 13.1.0
8.6
CVSSv3
CVE-2011-3147
Versions of nova prior to 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Openstack Nova
8.6
CVSSv3
CVE-2017-17051
An issue exists in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regress...
Openstack Nova 16.0.3
8.3
CVSSv3
CVE-2020-17376
An issue exists in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova prior to 19.3.1, 20.x prior to 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share th...
Openstack Nova 21.0.0
Openstack Nova
7.5
CVSSv3
CVE-2017-5936
OpenStack Nova-LXD prior to 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote malicious users to bypass intended security restrictions.
Canonical Ubuntu Linux 16.04
Openstack Nova-lxd
6.5
CVSSv3
CVE-2023-2088
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confi...
Redhat Openstack -
6.5
CVSSv3
CVE-2019-14433
An issue exists in OpenStack Nova prior to 17.0.12, 18.x prior to 18.2.2, and 19.x prior to 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could ...
Openstack Nova
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
Redhat Openstack 10
Redhat Openstack 14
Redhat Openstack 13
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Openstack Nova
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
5.9
CVSSv3
CVE-2011-4076
OpenStack Nova prior to 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an malicious user t...
Openstack Nova
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »