Vulnerabilities > Openstack > Nova > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-40767 | Unspecified vulnerability in Openstack Nova In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. | 6.5 |
| 2024-07-05 | CVE-2024-32498 | Unspecified vulnerability in Openstack Nova An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. | 6.5 |
| 2023-01-26 | CVE-2022-47951 | Path Traversal vulnerability in multiple products An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. | 5.7 |
| 2022-03-02 | CVE-2021-3654 | Open Redirect vulnerability in multiple products A vulnerability was found in openstack-nova's console proxy, noVNC. | 6.1 |
| 2019-12-05 | CVE-2013-0326 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products OpenStack nova base images permissions are world readable | 5.5 |
| 2019-11-26 | CVE-2011-4076 | Information Exposure vulnerability in Openstack Nova OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). | 5.9 |
| 2019-08-09 | CVE-2019-14433 | Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. | 6.5 |
| 2017-11-14 | CVE-2017-16239 | Unspecified vulnerability in Openstack Nova In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). | 6.5 |
| 2016-04-12 | CVE-2016-2140 | Information Exposure vulnerability in Openstack Nova The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | 5.3 |
| 2016-01-15 | CVE-2015-8749 | Information Exposure vulnerability in Openstack Nova The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. | 5.9 |