Openstack Nova vulnerabilities
66 known vulnerabilities affecting openstack/nova.
Total CVEs
66
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM41LOW13
Vulnerabilities
Page 4 of 4
CVE-2014-7230P4LOWCVSS 2.1≥ 2013.2, < 2013.2.4≥ 2014.1, < 2014.1.32014-10-08
CVE-2014-7230 [LOW] CWE-200 CVE-2014-7230: The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
nvdosv
CVE-2013-4469P4LOWCVSS 2.1≥ 0, < 12.0.0a02022-05-17
CVE-2013-4469 [LOW] OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual
ghsaosv
CVE-2013-4463P4LOWCVSS 2.1≥ 0, < 12.0.0a02022-05-17
CVE-2013-4463 [LOW] OpenStack Nova denial of service through compressed disk images
OpenStack Nova denial of service through compressed disk images
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
ghsaosv
CVE-2013-7048P4LOWCVSS 3.3≥ 2013.1, ≤ 2013.1.4≥ 2013.2, ≤ 2013.2.12014-01-23
CVE-2013-7048 [LOW] CWE-264 CVE-2013-7048: OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and worl
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
ghsanvdosv
CVE-2014-7231P4LOWCVSS 2.1≥ 2013.2, < 2013.2.4≥ 2014.1, < 2014.1.32014-10-08
CVE-2014-7231 [LOW] CWE-200 CVE-2014-7231: The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove b
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
nvd
CVE-2013-2096P4MEDIUMCVSS 2.1≥ 0, < 12.0.0a02022-05-17
CVE-2013-2096 [MEDIUM] CWE-770 OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
ghsaosv
← Previous4 / 4