Search for packages
| purl | pkg:deb/debian/nova@2014.1.3-11 |
| Next non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Latest non-vulnerable version | 2:26.2.2-1~deb12u3 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1fb2-ccby-7yfq
Aliases: CVE-2020-17376 GHSA-c7w7-9c85-4qxv PYSEC-2020-243 |
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. |
Affected by 5 other vulnerabilities. |
|
VCID-1qbm-qguj-gkem
Aliases: CVE-2017-16239 GHSA-w2wf-cgwh-vpqg |
OpenStack Nova Filter Scheduler Bypass In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. |
Affected by 9 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-2dpk-ncrc-1fcw
Aliases: CVE-2019-14433 GHSA-pg64-r7rr-phv8 PYSEC-2019-191 |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. |
Affected by 5 other vulnerabilities. |
|
VCID-5nfz-1bk3-93fe
Aliases: CVE-2015-3241 GHSA-3vx7-xff6-h2vx |
OpenStack Nova instance migration process does not stop when instance is deleted OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. |
Affected by 10 other vulnerabilities. |
|
VCID-6n3z-x4zj-4bez
Aliases: CVE-2015-7713 GHSA-67rh-9p29-vrxr |
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. |
Affected by 10 other vulnerabilities. |
|
VCID-7yp4-ebnm-g3c3
Aliases: CVE-2016-2140 GHSA-49jv-37hm-6gfp |
OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. |
Affected by 10 other vulnerabilities. |
|
VCID-9se5-m6dx-8kcj
Aliases: CVE-2015-8749 GHSA-c36r-g737-9qp8 |
OpenStack Nova Potential Xen connection password leak via StorageError The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. |
Affected by 10 other vulnerabilities. |
|
VCID-br4q-499g-vqhg
Aliases: CVE-2022-47951 GHSA-7h75-hwxx-qpgc |
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. |
Affected by 5 other vulnerabilities. |
|
VCID-cwub-w9dp-wfgy
Aliases: CVE-2017-17051 GHSA-vq76-rxx3-4r4r |
OpenStack Nova DoS by rebuilding the same instance with a new image multiple times An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. |
Affected by 6 other vulnerabilities. |
|
VCID-cy7p-gzf8-eqcj
Aliases: CVE-2017-18191 GHSA-ffmh-r67w-m88f |
OpenStack Nova Denial of service attack on the compute host An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. |
Affected by 6 other vulnerabilities. |
|
VCID-ek6e-977t-3bew
Aliases: CVE-2015-3280 GHSA-mfmj-gwg3-vhw7 |
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service. |
Affected by 10 other vulnerabilities. |
|
VCID-h6rd-5p7q-s3gq
Aliases: CVE-2024-32498 GHSA-r4v4-w9pv-6fph |
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. |
Affected by 0 other vulnerabilities. |
|
VCID-jdb7-71q5-pfcx
Aliases: CVE-2017-7214 GHSA-f4g4-cj8f-3cr9 |
OpenStack Nova logs sensitive context from notification exceptions An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. |
Affected by 9 other vulnerabilities. |
|
VCID-k48d-ecqx-m3ed
Aliases: CVE-2016-7498 |
openstack-nova: May fail to delete images in resize state regression |
Affected by 10 other vulnerabilities. |
|
VCID-nb1y-cbzs-abhc
Aliases: CVE-2015-7548 |
openstack-nova: Unprivileged API user can access host data using instance snapshot |
Affected by 10 other vulnerabilities. |
|
VCID-qfdm-g857-3yb5
Aliases: CVE-2015-9543 GHSA-22jm-4hxw-35jf |
OpenStack Nova can leak consoleauth token into log files An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to `NovaProxyRequestHandlerBase.new_websocket_client` in `console/websocketproxy.py`. |
Affected by 5 other vulnerabilities. |
|
VCID-s69v-tc7x-37fe
Aliases: CVE-2026-24708 GHSA-m4f3-qp2w-gwh6 |
OpenStack Nova calls qemu-img without format restrictions for resize An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected. |
Affected by 0 other vulnerabilities. |
|
VCID-zy9m-d25c-5uga
Aliases: CVE-2015-5162 GHSA-g2j5-7vgx-6xrx |
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw. |
Affected by 10 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1p1c-fevy-bydg | Insufficient Verification of Data Authenticity It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. |
CVE-2015-0259
GHSA-x8xr-rm9r-7mvf |
| VCID-5w9q-vw2n-zfdu | OpenStack Nova Denial of Service in network source security groups Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. |
CVE-2013-4185
GHSA-ph2h-hh49-vh27 |
| VCID-7wvt-bvww-g7ck | OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256. |
CVE-2013-4278
GHSA-43cm-73px-5v4m |
| VCID-az4e-wgmd-gyc3 | OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. |
CVE-2013-4469
GHSA-2w87-5qcj-j6gx |
| VCID-bauj-n7jg-gkd2 | OpenStack Compute (Nova) Denial of Service vulnerability A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time. |
CVE-2014-3708
GHSA-43hc-pwvx-pmfg |
| VCID-ex1j-py3q-93hv | Exposure of Sensitive Information to an Unauthorized Actor api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. |
CVE-2014-3517
GHSA-xjmj-p278-4jp5 |
| VCID-hcsa-vfvp-buax | OpenStack Nova Router metadata queries are not restricted by tenant Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (`agent/metadata/agent.py`) in Neutron. |
CVE-2013-6419
GHSA-22w9-j288-8p9w |
| VCID-hgk8-jtvw-9fgb | nova: qpid SSL configuration |
CVE-2013-6491
|
| VCID-jdn1-d4d3-sud7 | The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. |
CVE-2014-0134
GHSA-w429-xc55-hc48 PYSEC-2014-112 |
| VCID-kncr-vrmh-fygm | The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. |
CVE-2013-1068
|
| VCID-kqbu-drg3-fycm | OpenStack Nova denial of service through compressed disk images OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. |
CVE-2013-4463
GHSA-5644-2v3h-5w4x |
| VCID-n6d6-1kyd-qufe | OpenStack Compute Nova Improper Access Control The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. |
CVE-2013-4497
GHSA-27q4-38qf-m25h |
| VCID-q246-vzd6-3qfb | OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. |
CVE-2014-0167
GHSA-p258-xmh3-72pv |
| VCID-qb9p-rpza-5fa5 | OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention |
CVE-2013-2256
GHSA-5mj6-643f-2g85 |
| VCID-qe1w-wnfu-mudr | OpenStack: openstack-nova-compute console-log DoS |
CVE-2013-4261
|
| VCID-qnhs-qv3p-myg2 | The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. |
CVE-2014-2573
GHSA-jv34-xvjq-ppch PYSEC-2014-113 |
| VCID-r558-z5xb-v3a8 | OpenStack Nova VMware instance leak potentially leading to compute DoS The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. |
CVE-2014-8333
GHSA-g63p-mfcm-54c4 |
| VCID-rvp9-etcr-wycj | OpenStack Nova DoS through ephemeral disk backing files The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. |
CVE-2013-6437
GHSA-hrv9-4x4c-9jc8 |
| VCID-sj2k-uq1g-suby | Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2013-4179 OpenStack: Nova XML entities DoS |
CVE-2013-4179
GHSA-j6xh-q826-55jw |
| VCID-t2sh-b3m5-vyax | OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. |
CVE-2013-2096
GHSA-m674-hmx2-ffhq |
| VCID-v47b-k4qx-h7a2 | OpenStack Nova live snapshots use an insecure local directory OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. |
CVE-2013-7048
GHSA-grp5-h379-j75x |
| VCID-vena-h39k-v3fe | The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. |
CVE-2013-7130
GHSA-99rx-9x8v-9j8p PYSEC-2014-111 |
| VCID-x5k4-dm9d-xkf7 | OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images |
CVE-2014-3608
GHSA-92hc-c226-32q7 |
| VCID-y8va-eyt2-3kfv | OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. |
CVE-2015-2687
GHSA-97fv-22hc-mrgj PYSEC-2017-145 |
| VCID-ykzj-fz7y-eug8 | Trove: potential leak of passwords into log files |
CVE-2014-7230
|