Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack nova vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-14433
An issue exists in OpenStack Nova prior to 17.0.12, 18.x prior to 18.2.2, and 19.x prior to 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could ...
Openstack Nova
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 16.04
Redhat Openstack 10
Redhat Openstack 14
Redhat Openstack 13
Debian Debian Linux 10.0
5
CVSSv2
CVE-2011-3147
Versions of nova prior to 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Openstack Nova
4
CVSSv2
CVE-2017-17051
An issue exists in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regress...
Openstack Nova 16.0.3
1.9
CVSSv2
CVE-2015-2687
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
Openstack Compute 2013.2.2
Openstack Compute 2013.2.1
Openstack Compute 2013.2
Openstack Compute 2014.1.5
Openstack Compute 2014.1.4
Openstack Compute 2014.2.4
Openstack Compute 2014.2.3
Openstack Compute 2014.2.2
Openstack Compute 2014.2
Openstack Compute 2013.2.3
Openstack Compute 2014.1.2
Openstack Compute 2014.1
Openstack Compute 2014.2.1
Openstack Compute 2013.2.4
Openstack Compute 2014.1.3
Openstack Compute 2014.1.1
5
CVSSv2
CVE-2017-5936
OpenStack Nova-LXD prior to 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote malicious users to bypass intended security restrictions.
Canonical Ubuntu Linux 16.04
Openstack Nova-lxd
5
CVSSv2
CVE-2017-7214
An issue exists in exception_wrapper.py in OpenStack Nova 13.x up to and including 13.1.3, 14.x up to and including 14.0.4, and 15.x up to and including 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account ...
Openstack Nova 15.0.0
Openstack Nova 15.0.1
Openstack Nova 13.1.2
Openstack Nova 13.1.1
Openstack Nova 14.0.3
Openstack Nova 14.0.4
Openstack Nova 14.0.0
Openstack Nova 13.1.3
Openstack Nova 14.0.1
Openstack Nova 14.0.2
Openstack Nova 13.1.0
Openstack Nova 13.0.0
3.5
CVSSv2
CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) prior to 2015.1.4 (kilo) and 12.0.x prior to 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root di...
Openstack Nova
4.3
CVSSv2
CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) prior to 2015.1.3 (kilo) and 12.0.x prior to 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow malicious users to obtain sensi...
Openstack Nova
6.8
CVSSv2
CVE-2015-3280
OpenStack Compute (nova) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Openstack Nova
6.5
CVSSv2
CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4 and 2014.2 prior to 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Openstack Nova
Openstack Nova 2014.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »