Vulnerabilities > Openstack > Nova > 12.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-47951 Path Traversal vulnerability in multiple products
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.
network
low complexity
openstack debian CWE-22
5.7
2022-03-02 CVE-2021-3654 Open Redirect vulnerability in multiple products
A vulnerability was found in openstack-nova's console proxy, noVNC.
network
low complexity
openstack redhat CWE-601
6.1
2020-08-26 CVE-2020-17376 XXE vulnerability in Openstack Nova
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
network
low complexity
openstack CWE-611
6.5
2020-02-19 CVE-2015-9543 Information Exposure vulnerability in Openstack Nova
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0.
local
low complexity
openstack CWE-200
2.1
2019-08-09 CVE-2019-14433 Information Exposure Through an Error Message vulnerability in multiple products
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2.
network
low complexity
openstack canonical redhat debian CWE-209
6.5
2017-11-14 CVE-2017-16239 Unspecified vulnerability in Openstack Nova
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter).
network
low complexity
openstack
4.0
2016-10-07 CVE-2015-5162 Resource Management Errors vulnerability in Openstack Cinder, Glance and Nova
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.
network
low complexity
openstack CWE-399
7.5
2016-04-12 CVE-2016-2140 Information Exposure vulnerability in Openstack Nova
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
network
high complexity
openstack CWE-200
5.3
2016-01-15 CVE-2015-8749 Information Exposure vulnerability in Openstack Nova
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
network
openstack CWE-200
4.3
2016-01-12 CVE-2015-7548 Information Exposure vulnerability in Openstack Nova
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
network
high complexity
openstack CWE-200
2.1