openstack nova

40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-40767
< 27.4.1
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafte
6.5 MEDIUM
CVE-2024-32498
< 27.3.1
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access ca
6.5 MEDIUM
CVE-2023-48795
< 11.8
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker
5.9 MEDIUM
CVE-2022-47951
< 24.1.2
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.
5.7 MEDIUM
CVE-2022-37394
< 23.2.2
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port wi
3.3 LOW
CVE-2021-3654
< 21.2.3
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect t
6.1 MEDIUM
CVE-2020-17376
< 19.3.1
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
8.3 HIGH
CVE-2015-9543
< 18.2.4
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth token
3.3 LOW
CVE-2013-0326
all versions
OpenStack nova base images permissions are world readable
5.5 MEDIUM
CVE-2011-4076
>= 2010.1 and < 2012.1
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_K
5.9 MEDIUM
CVE-2019-14433
< 17.0.12
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an au
6.5 MEDIUM
CVE-2011-3147
>= 2010.1 and < 2012.1
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constr
8.6 HIGH
CVE-2017-18191
>= 15.0.0 and <= 15.1.0
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted v
7.5 HIGH
CVE-2017-17051
all versions
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new ima
8.6 HIGH
CVE-2017-16239
<= 14.0.9
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user m
6.5 MEDIUM
CVE-2017-5936
<= 13.1.0
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances,
7.5 HIGH
CVE-2017-7214
all versions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.
9.8 CRITICAL
CVE-2015-5162
<= 12.0.3
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13
7.5 HIGH
CVE-2016-2140
>= 12.0.0 and < 12.0.3
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage a
5.3 MEDIUM
CVE-2015-8749
>= 12.0.0 and < 12.0.1
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty)
5.9 MEDIUM
CVE-2015-7548
>= 12.0.0 and < 12.0.1
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_
3.5 LOW
CVE-2015-7713
>= 2014.2 and < 2014.2.4
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes,
CVE-2015-3280
>= 2014.2 and < 2014.2.4
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from comput
CVE-2015-3241
>= 2014.2 and <= 2014.2.3
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is d
CVE-2015-0259
>= 2014.1 and < 2014.1.4
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websock
CVE-2014-8333
>= 2014.1 and < 2014.1.4
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk
CVE-2014-3708
>= 2014.1 and < 2014.1.4
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of servi
CVE-2014-8750
>= 2014.1 and < 2014.1.4
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenti
CVE-2014-7231
>= 2013.2 and < 2013.2.4
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 befo
CVE-2014-7230
>= 2013.2 and < 2013.2.4
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3
CVE-2014-3608
>= 2013.2 and <= 2013.2.4
The VMware driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and caus
CVE-2014-3517
>= 2013.2 and <= 2013.2.4
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying
CVE-2013-6437
>= 2013.1 and < 2013.1.5
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to
CVE-2013-7048
>= 2013.1 and <= 2013.1.4
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the
CVE-2013-2256
>= 2013.1 and < 2013.1.3
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public prope
CVE-2012-3447
all versions
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users
CVE-2012-1585
>= 2011.1 and < 2011.3
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and
CVE-2012-2101
all versions
OpenStack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authent
CVE-2012-0030
all versions
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants o
CVE-2011-4596
>= 2011.3 and < 2011.3.1
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-re
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin