Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nova vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2015-9543
An issue exists in OpenStack Nova prior to 18.2.4, 19.x prior to 19.1.0, and 20.x prior to 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy ar...
Openstack Nova
5.3
CVSSv3
CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) prior to 2015.1.4 (kilo) and 12.0.x prior to 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root di...
Openstack Nova
NA
CVE-2012-1585
OpenStack Compute (Nova) Essex prior to 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
Openstack Nova
3.3
CVSSv3
CVE-2022-37394
An issue exists in OpenStack Nova prior to 23.2.2, 24.x prior to 24.1.2, and 25.x prior to 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user ma...
Openstack Nova
NA
CVE-2015-3280
OpenStack Compute (nova) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Openstack Nova
NA
CVE-2011-4596
Multiple directory traversal vulnerabilities in OpenStack Nova prior to 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
Openstack Nova
8.6
CVSSv3
CVE-2011-3147
Versions of nova prior to 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Openstack Nova
8.6
CVSSv3
CVE-2017-17051
An issue exists in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regress...
Openstack Nova 16.0.3
6.1
CVSSv3
CVE-2020-17362
search.php in the Nova Lite theme prior to 1.3.9 for WordPress allows Reflected XSS.
Themeinprogress Nova Lite
NA
CVE-2015-3951
RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Rle Nova-wind Turbine Hmi Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »