Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack nova vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-7231
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Openstack Nova
Openstack Cinder
Openstack Trove
Redhat Openstack 5.0
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Nova
Openstack Cinder
Openstack Trove
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
NA
CVE-2013-1068
The OpenStack Nova (python-nova) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 a...
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 14.04
NA
CVE-2014-0134
The instance rescue mode in OpenStack Compute (Nova) 2013.2 prior to 2013.2.3 and Icehouse prior to 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk ...
Openstack Compute 2013.2.2
Openstack Compute 2013.2.1
Openstack Compute 2013.2
NA
CVE-2014-2573
The VMWare driver in OpenStack Compute (Nova) 2013.2 up to and including 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into ...
Openstack Compute 2013.2.2
Openstack Compute 2013.2.1
Openstack Compute 2013.2
NA
CVE-2013-4463
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix fo...
Openstack Havana -
Openstack Grizzly -
Openstack Folsom -
NA
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.
Openstack Oslo
Redhat Openstack 3.0
NA
CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/key...
Openstack Compute 2013.1.1
Openstack Compute 2013.1.2
Openstack Compute 2013.1
Openstack Grizzly 2013.1
Openstack Havana Havana-2
Openstack Folsom -
Openstack Havana Havana-1
Openstack Havana Havana-3
Openstack Compute 2013.1.3
NA
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana prior to 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote malicious users to bypass intended restrictions.
Openstack Havana
Openstack Havana Havana-2
Openstack Havana Havana-1
Openstack Grizzly -
Openstack Folsom -
NA
CVE-2013-4469
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual si...
Openstack Havana -
Openstack Grizzly -
Openstack Folsom -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »