pkg:Debian/nova

All known vulnerabilities

• CRITICAL9.8CVE-2017-7214OpenStack Nova logs sensitive context from notification exceptions
  from 0, < 2:14.0.0-4
• HIGH8.6CVE-2017-17051OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
  from 0, < 2:16.0.3-6
• HIGH8.3CVE-2020-17376OpenStack Nova Live migration fails to update persistent domain XML
  from 0, < 2:21.1.0-1
• HIGH8.2CVE-2026-24708OpenStack Nova calls qemu-img without format restrictions for resize
  from 0, < 2:22.4.0-1~deb11u7
• HIGH8.2CVE-2026-24708OpenStack Nova calls qemu-img without format restrictions for resize
  from 0, < 2:22.4.0-1~deb11u7
• HIGH8.2CVE-2026-24708OpenStack Nova calls qemu-img without format restrictions for resize
  from 0, < 2:26.2.2-1~deb12u4
• HIGH7.5CVE-2013-7130OpenStack Nova Live migration can leak root disk into ephemeral storage
  from 0, < 2013.2.2
• HIGH7.5CVE-2015-5162OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
  from 0, < 2:13.0.0-1
• HIGH7.5CVE-2017-18191OpenStack Nova Denial of service attack on the compute host
  from 0, < 2:17.0.0-1
• MEDIUM6.5CVE-2024-32498nova - security update
  from 0, < 2:26.2.2-1~deb12u3
• MEDIUM6.5CVE-2024-32498nova - security update
  from 0, < 2:22.4.0-1~deb11u5
• MEDIUM6.5CVE-2024-32498nova - security update
  from 0, < 2:22.4.0-1~deb11u5
• MEDIUM6.5CVE-2023-2088cinder - security update
  from 0
• MEDIUM6.5CVE-2019-14433nova - security update
  from 0, < 2:19.0.2-1
• MEDIUM6.5CVE-2019-14433nova - security update
  from 0, < 2:18.1.0-6+deb10u1
• MEDIUM6.5CVE-2014-2573OpenStack Nova VMWare driver leaks rescued images
  from 0, < 2014.1-9
• MEDIUM6.5CVE-2012-3447Arbitrary file overwrite in OpenStack Nova
  from 0, < 2012.1.1-6
• MEDIUM6.5CVE-2013-1838OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
  from 0, < 2012.1.1-15
• MEDIUM6.5CVE-2017-16239nova - security update
  from 0, < 2:14.0.0-4+deb9u1
• MEDIUM6.5CVE-2017-16239nova - security update
  from 0, < 2:16.0.3-1
• MEDIUM6.5CVE-2013-0335OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
  from 0, < 2012.1.1-14
• MEDIUM6.5CVE-2016-7498OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a d…
  from 0, < 2:13.1.0-1
• MEDIUM6.1CVE-2021-3654Open Redirect in CPython that affects users of OpenStack Nova
  from 0
• MEDIUM5.9CVE-2015-8749OpenStack Nova Potential Xen connection password leak via StorageError
  from 0, < 2:13.0.0~rc3-1
• MEDIUM5.9CVE-2011-4076OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
  from 0, < 2012.1~e1-1
• MEDIUM5.7CVE-2022-47951cinder - security update
  from 0, < 2:22.0.1-2+deb11u1
• MEDIUM5.7CVE-2022-47951cinder - security update
  from 0, < 2:22.0.1-2+deb11u1
• MEDIUM5.7CVE-2022-47951cinder - security update
  from 0, < 2:18.1.0-6+deb10u2
• MEDIUM5.5CVE-2013-0326OpenStack nova base images permissions are world readable
  from 0
• MEDIUM5.3CVE-2016-2140OpenStack Nova host data access through resize/migration
  from 0, < 2:13.0.0-1
• MEDIUM4.7CVE-2015-2687OpenStack Compute (Nova) Improper Access Control
  from 0, < 2014.1-1
• LOW3.5CVE-2015-7548OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_image…
  from 0, < 2:13.0.0~rc3-1
• LOW3.3CVE-2022-37394OpenStack Nova Changing vnic_type breaks compute service restart
  from 0
• LOW3.3CVE-2015-9543OpenStack Nova can leak consoleauth token into log files
  from 0, < 2:20.1.1-1
• LOW3.1CVE-2014-0134OpenStack Nova host data leak to vm instance in rescue mode
  from 0, < 2013.2.2-4
• LOW2.8CVE-2011-3147Openstack nova qcow format could expose host filesystem information
  from 0, < 2012.1~e1-1
• —CVE-2012-3361OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
  from 0, < 2012.1.1-2
• —CVE-2012-3360OpenStack Nova Directory traversal vulnerability
  from 0, < 2012.1.1-2
• —CVE-2012-3371OpenStack Nova Scheduler denial of service through scheduler_hints
  from 0, < 2012.1.1-5
• —CVE-2013-1664XML Entity Expansion (XEE) in Django
  from 0, < 2012.1.1-13
• —CVE-2013-4278OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
  from 0, < 2013.1.3-1
• —CVE-2013-4179OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
  from 0, < 2013.1.3-1
• —CVE-2013-4497OpenStack Compute Nova Improper Access Control
  from 0, < 2013.2-1
• —CVE-2013-2096OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
  from 0, < 2013.1.2-2
• —CVE-2013-6419OpenStack Nova Router metadata queries are not restricted by tenant
  from 0, < 2013.2.1-1
• —CVE-2013-4463OpenStack Nova denial of service through compressed disk images
  from 0, < 2013.2-3
• —CVE-2014-0167OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
  from 0, < 2013.2.3-1
• —CVE-2013-4469OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
  from 0, < 2013.2-3
• —CVE-2012-2101Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
  from 0, < 2012.1-2
• —CVE-2012-2654OpenStack Compute (Nova) Improper Input Validation
  from 0, < 2012.1-6
• —CVE-2012-1585OpenStack Nova Long server names grow nova-api log files significantly
  from 0, < 2012-1~rc3-1
• —CVE-2013-4185OpenStack Nova Denial of Service in network source security groups
  from 0, < 2013.1.2-3
• —CVE-2011-4596OpenStack Nova Multiple directory traversal vulnerabilities
  from 0, < 2012.1~e1-4
• —CVE-2014-3517OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
  from 0, < 2014.1.1-8
• —CVE-2013-2256OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
  from 0, < 2013.1.2-3
• —CVE-2015-0259OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
  from 0, < 2014.1.3-11
• —CVE-2014-3608OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
  from 0, < 2014.1.3-1
• —CVE-2014-3708OpenStack Compute (Nova) Denial of Service vulnerability
  from 0, < 2014.1.3-6
• —CVE-2013-7048OpenStack Nova live snapshots use an insecure local directory
  from 0, < 2013.2.2
• —CVE-2015-3280OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
  from 0, < 1:12.0.0-2
• —CVE-2015-3241OpenStack Nova instance migration process does not stop when instance is deleted
  from 0, < 1:12.0.0-2
• —CVE-2015-7713OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
  from 0, < 1:12.0.0-2
• —CVE-2013-6437OpenStack Nova DoS through ephemeral disk backing files
  from 0, < 2013.2.2
• —CVE-2014-8333OpenStack Nova VMware instance leak potentially leading to compute DoS
  from 0, < 2014.1.3-7
• —CVE-2014-7230The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows lo…
  from 0, < 2014.1.3-5
• —CVE-2013-1068The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack…
  from 0, < 2014.1.1-4
• —CVE-2013-6491The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set…
  from 0, < 2013.2.3-1
• —CVE-2013-4261OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occ…
  from 0, < 2013.2-1
• —CVE-2013-0208The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to bo…
  from 0, < 2012.1.1-12
• —CVE-2012-0030Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other u…
  from 0, < 2012.1~rc1-1