Vulnerabilities > Openstack > Nova > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-19 | CVE-2015-9543 | Information Exposure vulnerability in Openstack Nova An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. | 2.1 |
2019-12-05 | CVE-2013-0326 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products OpenStack nova base images permissions are world readable | 2.1 |
2016-01-12 | CVE-2015-7548 | Information Exposure vulnerability in Openstack Nova OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. | 2.1 |
2014-10-08 | CVE-2014-7230 | Information Exposure vulnerability in multiple products The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | 2.1 |
2014-10-08 | CVE-2014-7231 | Information Exposure vulnerability in multiple products The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | 2.1 |
2014-01-23 | CVE-2013-7048 | Permissions, Privileges, and Access Controls vulnerability in Openstack Nova OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. | 3.3 |
2012-06-07 | CVE-2012-2101 | Permissions, Privileges, and Access Controls vulnerability in Openstack Nova 2011.3/2012.1/Folsom Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. | 3.5 |