PyPI package
nova
pkg:pypi/nova
Vulnerabilities (52)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-2256 | — | | | < 2013.1.3 | 2013.1.3 | Sep 16, 2013 | OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unsp |
| CVE-2013-2096 | — | | | < 12.0.0a0 | 12.0.0a0 | Jul 9, 2013 | OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of |
| CVE-2013-1838 | — | | | < 12.0.0a0 | 12.0.0a0 | Mar 22, 2013 | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to th |
| CVE-2013-0335 | — | | | < 12.0.0a0 | 12.0.0a0 | Mar 22, 2013 | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. |
| CVE-2012-3447 | — | | | < 12.0.0 | 12.0.0 | Aug 20, 2012 | virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability |
| CVE-2012-1585 | — | | | < 12.0.0a0 | 12.0.0a0 | Aug 17, 2012 | OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. |
| CVE-2012-3361 | — | | | < 12.0.0a0 | 12.0.0a0 | Jul 22, 2012 | virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. |
| CVE-2012-3360 | — | | | < 12.0.0a0 | 12.0.0a0 | Jul 22, 2012 | Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of |
| CVE-2012-3371 | — | | | < 12.0.0a0 | 12.0.0a0 | Jul 17, 2012 | The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repea |
| CVE-2012-2654 | — | | | < 12.0.0a0 | 12.0.0a0 | Jun 21, 2012 | The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypas |
| CVE-2012-2101 | — | | | < 12.0.0a0 | 12.0.0a0 | Jun 7, 2012 | Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number |
| CVE-2011-4596 | — | | | < 12.0.0a0 | 12.0.0a0 | Dec 23, 2011 | Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. |
Page 3 of 3