Vulnerabilities > Openstack > Nova > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-40767 | Unspecified vulnerability in Openstack Nova In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. | 6.5 |
| 2024-07-05 | CVE-2024-32498 | Unspecified vulnerability in Openstack Nova An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. | 6.5 |
| 2023-01-26 | CVE-2022-47951 | Path Traversal vulnerability in multiple products An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. | 5.7 |
| 2022-03-02 | CVE-2021-3654 | Open Redirect vulnerability in multiple products A vulnerability was found in openstack-nova's console proxy, noVNC. | 6.1 |
| 2020-08-26 | CVE-2020-17376 | XXE vulnerability in Openstack Nova An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. | 6.5 |
| 2019-11-26 | CVE-2011-4076 | Information Exposure vulnerability in Openstack Nova OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). | 4.3 |
| 2019-08-09 | CVE-2019-14433 | Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. | 6.5 |
| 2019-04-22 | CVE-2011-3147 | Information Exposure vulnerability in Openstack Nova Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | 5.0 |
| 2017-12-05 | CVE-2017-17051 | Resource Exhaustion vulnerability in Openstack Nova 16.0.3 An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. | 4.0 |
| 2017-11-14 | CVE-2017-16239 | Unspecified vulnerability in Openstack Nova In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). | 4.0 |