VulnerableCode Package Details - pkg:rpm/redhat/openstack-nova@2014.1.3-4?arch=el7ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-8p6b-qw5m-jfha Aliases: CVE-2014-7231 GHSA-v933-vx5p-j7w2	OpenStack Oslo utility sensitive information exposure via log files The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.	There are no reported fixed by versions.
VCID-9vq2-2nsa-bbfa Aliases: CVE-2014-8750	openstack-nova: Nova VMware driver may connect VNC to another tenant's console	There are no reported fixed by versions.
VCID-x5k4-dm9d-xkf7 Aliases: CVE-2014-3608 GHSA-92hc-c226-32q7	OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images	There are no reported fixed by versions.
VCID-ykzj-fz7y-eug8 Aliases: CVE-2014-7230	Trove: potential leak of passwords into log files	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-8p6b-qw5m-jfha
Aliases:
CVE-2014-7231
GHSA-v933-vx5p-j7w2

OpenStack Oslo utility sensitive information exposure via log files The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

There are no reported fixed by versions.

VCID-9vq2-2nsa-bbfa
Aliases:
CVE-2014-8750

openstack-nova: Nova VMware driver may connect VNC to another tenant's console

There are no reported fixed by versions.

VCID-x5k4-dm9d-xkf7
Aliases:
CVE-2014-3608
GHSA-92hc-c226-32q7

OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service CVE-2014-3608 openstack-nova: incomplete fix for CVE-2014-2573, Nova VMware driver still leaks rescued images

There are no reported fixed by versions.

VCID-ykzj-fz7y-eug8
Aliases:
CVE-2014-7230

Trove: potential leak of passwords into log files

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:46:45.193640+00:00	RedHat Importer	Affected by	VCID-8p6b-qw5m-jfha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7231.json	38.0.0
2026-04-01T14:46:45.088713+00:00	RedHat Importer	Affected by	VCID-ykzj-fz7y-eug8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json	38.0.0
2026-04-01T14:46:27.227023+00:00	RedHat Importer	Affected by	VCID-9vq2-2nsa-bbfa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8750.json	38.0.0
2026-04-01T14:46:02.127410+00:00	RedHat Importer	Affected by	VCID-x5k4-dm9d-xkf7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3608.json	38.0.0