Search for packages
| purl | pkg:pypi/nova@2014.2.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1p1c-fevy-bydg
Aliases: CVE-2015-0259 GHSA-x8xr-rm9r-7mvf |
Insufficient Verification of Data Authenticity It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. |
Affected by 0 other vulnerabilities. |
|
VCID-bauj-n7jg-gkd2
Aliases: CVE-2014-3708 GHSA-43hc-pwvx-pmfg |
OpenStack Compute (Nova) Denial of Service vulnerability A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:30:37.922808+00:00 | GHSA Importer | Affected by | VCID-bauj-n7jg-gkd2 | https://github.com/advisories/GHSA-43hc-pwvx-pmfg | 38.1.0 |
| 2026-04-04T14:30:37.666033+00:00 | GHSA Importer | Affected by | VCID-1p1c-fevy-bydg | https://github.com/advisories/GHSA-x8xr-rm9r-7mvf | 38.1.0 |
| 2026-04-01T12:50:34.873167+00:00 | GitLab Importer | Affected by | VCID-bauj-n7jg-gkd2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2014-3708.yml | 38.0.0 |
| 2026-04-01T12:50:27.840147+00:00 | GitLab Importer | Affected by | VCID-1p1c-fevy-bydg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/nova/CVE-2015-0259.yml | 38.0.0 |