VulnerableCode Package Details - pkg:deb/debian/nova@2:13.0.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7yp4-ebnm-g3c3	OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.	CVE-2016-2140 GHSA-49jv-37hm-6gfp
VCID-zy9m-d25c-5uga	OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.	CVE-2015-5162 GHSA-g2j5-7vgx-6xrx

Vulnerability

Summary

Aliases

VCID-7yp4-ebnm-g3c3

OpenStack Nova host data access through resize/migration The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

CVE-2016-2140
GHSA-49jv-37hm-6gfp

VCID-zy9m-d25c-5uga

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.

CVE-2015-5162
GHSA-g2j5-7vgx-6xrx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:47:43.887400+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:24:39.938113+00:00	Debian Importer	Fixing	VCID-7yp4-ebnm-g3c3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:14:46.912637+00:00	Debian Importer	Fixing	VCID-7yp4-ebnm-g3c3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:14:46.684337+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:29.678697+00:00	Debian Importer	Fixing	VCID-7yp4-ebnm-g3c3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:29.429131+00:00	Debian Importer	Fixing	VCID-zy9m-d25c-5uga	https://security-tracker.debian.org/tracker/data/json	38.1.0