VulnerableCode Package Details - pkg:rpm/redhat/openstack-nova@2014.1.4-3?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-1p1c-fevy-bydg Aliases: CVE-2015-0259 GHSA-x8xr-rm9r-7mvf	Insufficient Verification of Data Authenticity It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.	There are no reported fixed by versions.
VCID-bauj-n7jg-gkd2 Aliases: CVE-2014-3708 GHSA-43hc-pwvx-pmfg	OpenStack Compute (Nova) Denial of Service vulnerability A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.	There are no reported fixed by versions.
VCID-r558-z5xb-v3a8 Aliases: CVE-2014-8333 GHSA-g63p-mfcm-54c4	OpenStack Nova VMware instance leak potentially leading to compute DoS The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1p1c-fevy-bydg
Aliases:
CVE-2015-0259
GHSA-x8xr-rm9r-7mvf

Insufficient Verification of Data Authenticity It was discovered that the OpenStack Compute (nova) console websocket does not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.

There are no reported fixed by versions.

VCID-bauj-n7jg-gkd2
Aliases:
CVE-2014-3708
GHSA-43hc-pwvx-pmfg

OpenStack Compute (Nova) Denial of Service vulnerability A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time.

There are no reported fixed by versions.

VCID-r558-z5xb-v3a8
Aliases:
CVE-2014-8333
GHSA-g63p-mfcm-54c4

OpenStack Nova VMware instance leak potentially leading to compute DoS The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:46:19.858542+00:00	RedHat Importer	Affected by	VCID-r558-z5xb-v3a8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8333.json	38.0.0
2026-04-01T14:45:31.509113+00:00	RedHat Importer	Affected by	VCID-bauj-n7jg-gkd2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3708.json	38.0.0
2026-04-01T14:42:50.895034+00:00	RedHat Importer	Affected by	VCID-1p1c-fevy-bydg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0259.json	38.0.0