Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack cinder vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-2088
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confi...
Redhat Openstack -
5.7
CVSSv3
CVE-2022-47951
An issue exists in OpenStack Cinder prior to 19.1.2, 20.x prior to 20.0.2, and 21.0.0; Glance prior to 23.0.1, 24.x prior to 24.1.1, and 25.0.0; and Nova prior to 24.1.2, 25.x prior to 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific...
Openstack Nova
Openstack Glance
Openstack Cinder
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.3
CVSSv3
CVE-2020-17376
An issue exists in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova prior to 19.3.1, 20.x prior to 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share th...
Openstack Nova
Openstack Nova 21.0.0
6.5
CVSSv3
CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with th...
Redhat Openstack-cinder
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
7.8
CVSSv3
CVE-2018-17954
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a...
Suse Openstack Cloud 8.0
Suse Openstack Cloud Crowbar 8.0
Suse Openstack Cloud Crowbar 9.0
Suse Openstack Cloud 9.0
Suse Openstack Cloud 7.0
NA
CVE-2015-1850
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none.
7.5
CVSSv3
CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea...
Openstack Cinder
Redhat Openstack 10
Redhat Openstack 13
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
NA
CVE-2014-7231
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Openstack Cinder
Openstack Nova
Openstack Trove
Redhat Openstack 5.0
NA
CVE-2013-1068
The OpenStack Nova (python-nova) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 a...
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 13.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »