| purl | pkg:deb/debian/nova@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5tkb-w761-4qc6 | keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | CVE-2013-2030, GHSA-pxxv-rv32-2qgv, PYSEC-2013-45 |
| VCID-9vq2-2nsa-bbfa | openstack-nova: Nova VMware driver may connect VNC to another tenant's console | CVE-2014-8750 |
| VCID-e6ne-73mv-73bc | OpenStack Nova vulnerable to unauthorized access to potentially sensitive data. In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. | CVE-2024-40767, GHSA-rm86-h44c-2r2m |
| VCID-nryd-hrub-cydj | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | CVE-2012-5625, GHSA-rwhr-h69g-8qmq, PYSEC-2012-41 |