VYPR

Nova

by OpenStack

pypi: nova

CVEs (35)

  • CVE-2017-7214 | Critical | Mar 21, 2017
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization…

  • CVE-2017-17051 | High | Dec 5, 2017
    risk 0.49 | cvss 8.6 | epss 0.02

    An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations.…

  • CVE-2015-5162 | High | Oct 7, 2016
    risk 0.42 | cvss 7.5 | epss 0.03

    The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted…

  • CVE-2016-7498 | Medium | Sep 27, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a…

  • CVE-2026-46448 | Medium | Jun 16, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

  • CVE-2017-16239 | Medium | Nov 14, 2017
    risk 0.35 | cvss 6.5 | epss 0.01

    In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All…

  • CVE-2015-8749 | Medium | Jan 15, 2016
    risk 0.32 | cvss 5.9 | epss 0.02

    The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive…

  • CVE-2016-2140 | Medium | Apr 12, 2016
    risk 0.28 | cvss 5.3 | epss 0.02

    The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

  • CVE-2015-7548 | Low | Jan 12, 2016
    risk 0.23 | cvss 3.5 | epss 0.02

    OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and…

  • CVE-2024-40767 | Jul 24, 2024
    risk 0.00 | cvss | epss 0.01

    In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of…

  • CVE-2023-2088 | May 12, 2023
    risk 0.00 | cvss | epss 0.01

    A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to…

  • CVE-2022-37394 | Aug 3, 2022
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user…

  • CVE-2013-0326 | Dec 5, 2019
    risk 0.00 | cvss | epss 0.00

    OpenStack nova base images permissions are world readable

  • CVE-2015-7713 | Oct 29, 2015
    risk 0.00 | cvss | epss 0.04

    OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

  • CVE-2015-3280 | Oct 26, 2015
    risk 0.00 | cvss | epss 0.03

    OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

  • CVE-2015-3241 | Sep 8, 2015
    risk 0.00 | cvss | epss 0.03

    OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then…

  • CVE-2015-0259 | Apr 1, 2015
    risk 0.00 | cvss | epss 0.01

    OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

  • CVE-2014-8333 | Oct 31, 2014
    risk 0.00 | cvss | epss 0.02

    The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

  • CVE-2014-3708 | Oct 31, 2014
    risk 0.00 | cvss | epss 0.03

    OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

  • CVE-2014-8750 | Oct 15, 2014
    risk 0.00 | cvss | epss 0.02

    Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

Page 1 of 2