Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack nova vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2011-4076
OpenStack Nova prior to 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an malicious user t...
Openstack Nova
5.9
CVSSv3
CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) prior to 2015.1.3 (kilo) and 12.0.x prior to 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow malicious users to obtain sensi...
Openstack Nova
8.6
CVSSv3
CVE-2011-3147
Versions of nova prior to 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Openstack Nova
3.3
CVSSv3
CVE-2022-37394
An issue exists in OpenStack Nova prior to 23.2.2, 24.x prior to 24.1.2, and 25.x prior to 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user ma...
Openstack Nova
5.3
CVSSv3
CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) prior to 2015.1.4 (kilo) and 12.0.x prior to 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root di...
Openstack Nova
NA
CVE-2015-3280
OpenStack Compute (nova) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Openstack Nova
3.3
CVSSv3
CVE-2015-9543
An issue exists in OpenStack Nova prior to 18.2.4, 19.x prior to 19.1.0, and 20.x prior to 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy ar...
Openstack Nova
8.6
CVSSv3
CVE-2017-17051
An issue exists in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regress...
Openstack Nova 16.0.3
6.1
CVSSv3
CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Openstack Nova
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »