pkg:Debian/nova

All known vulnerabilities

• CRITICAL9.8CVE-2017-7214OpenStack Nova logs sensitive context from notification exceptions
  from 0, < 2:14.0.0-4
• HIGH8.6CVE-2017-17051OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
  from 0, < 2:16.0.3-6
• HIGH8.3OpenStack Nova Live migration fails to update persistent domain XML
  from 0, < 2:21.1.0-1
• HIGH8.2nova - security update
  from 0, < 2:22.4.0-1~deb11u7
• HIGH8.2nova - security update
  from 0, < 2:22.4.0-1~deb11u7
• HIGH8.2nova - security update
  from 0, < 2:26.2.2-1~deb12u4
• HIGH7.5OpenStack Nova Live migration can leak root disk into ephemeral storage
  from 0, < 2013.2.2
• HIGH7.5OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
  from 0, < 2:13.0.0-1
• HIGH7.5OpenStack Nova Denial of service attack on the compute host
  from 0, < 2:17.0.0-1
• MEDIUM6.5nova - security update
  from 0, < 2:26.2.2-1~deb12u3
• MEDIUM6.5nova - security update
  from 0, < 2:22.4.0-1~deb11u5
• MEDIUM6.5nova - security update
  from 0, < 2:22.4.0-1~deb11u5
• MEDIUM6.5cinder - security update
  from 0
• MEDIUM6.5nova - security update
  from 0, < 2:19.0.2-1
• MEDIUM6.5nova - security update
  from 0, < 2:18.1.0-6+deb10u1
• MEDIUM6.5OpenStack Nova VMWare driver leaks rescued images
  from 0, < 2014.1-9
• MEDIUM6.5Arbitrary file overwrite in OpenStack Nova
  from 0, < 2012.1.1-6
• MEDIUM6.5OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
  from 0, < 2012.1.1-15
• MEDIUM6.5nova - security update
  from 0, < 2:14.0.0-4+deb9u1
• MEDIUM6.5nova - security update
  from 0, < 2:16.0.3-1
• MEDIUM6.5OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
  from 0, < 2012.1.1-14
• MEDIUM6.5OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a d…
  from 0, < 2:13.1.0-1
• MEDIUM6.1Open Redirect in CPython that affects users of OpenStack Nova
  from 0
• MEDIUM5.9OpenStack Nova Potential Xen connection password leak via StorageError
  from 0, < 2:13.0.0~rc3-1
• MEDIUM5.9OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
  from 0, < 2012.1~e1-1
• MEDIUM5.7cinder - security update
  from 0, < 2:22.0.1-2+deb11u1
• MEDIUM5.7cinder - security update
  from 0, < 2:22.0.1-2+deb11u1
• MEDIUM5.7cinder - security update
  from 0, < 2:18.1.0-6+deb10u2
• MEDIUM5.5OpenStack nova base images permissions are world readable
  from 0
• MEDIUM5.3OpenStack Nova host data access through resize/migration
  from 0, < 2:13.0.0-1
• MEDIUM4.7OpenStack Compute (Nova) Improper Access Control
  from 0, < 2014.1-1
• LOW3.5OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_image…
  from 0, < 2:13.0.0~rc3-1
• LOW3.3OpenStack Nova Changing vnic_type breaks compute service restart
  from 0
• LOW3.3OpenStack Nova can leak consoleauth token into log files
  from 0, < 2:20.1.1-1
• LOW3.1OpenStack Nova host data leak to vm instance in rescue mode
  from 0, < 2013.2.2-4
• LOW2.8Openstack nova qcow format could expose host filesystem information
  from 0, < 2012.1~e1-1
• —OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
  from 0, < 2012.1.1-2
• —OpenStack Nova Directory traversal vulnerability
  from 0, < 2012.1.1-2
• —OpenStack Nova Scheduler denial of service through scheduler_hints
  from 0, < 2012.1.1-5
• —XML Entity Expansion (XEE) in Django
  from 0, < 2012.1.1-13
• —OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
  from 0, < 2013.1.3-1
• —OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
  from 0, < 2013.1.3-1
• —OpenStack Compute Nova Improper Access Control
  from 0, < 2013.2-1
• —OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
  from 0, < 2013.1.2-2
• —OpenStack Nova Router metadata queries are not restricted by tenant
  from 0, < 2013.2.1-1
• —OpenStack Nova denial of service through compressed disk images
  from 0, < 2013.2-3
• —OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
  from 0, < 2013.2.3-1
• —OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
  from 0, < 2013.2-3
• —Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
  from 0, < 2012.1-2
• —OpenStack Compute (Nova) Improper Input Validation
  from 0, < 2012.1-6
• —OpenStack Nova Long server names grow nova-api log files significantly
  from 0, < 2012-1~rc3-1
• —OpenStack Nova Denial of Service in network source security groups
  from 0, < 2013.1.2-3
• —OpenStack Nova Multiple directory traversal vulnerabilities
  from 0, < 2012.1~e1-4
• —OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
  from 0, < 2014.1.1-8
• —OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
  from 0, < 2013.1.2-3
• —OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
  from 0, < 2014.1.3-11
• —OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
  from 0, < 2014.1.3-1
• —OpenStack Compute (Nova) Denial of Service vulnerability
  from 0, < 2014.1.3-6
• —OpenStack Nova live snapshots use an insecure local directory
  from 0, < 2013.2.2
• —OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
  from 0, < 1:12.0.0-2
• —OpenStack Nova instance migration process does not stop when instance is deleted
  from 0, < 1:12.0.0-2
• —OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
  from 0, < 1:12.0.0-2
• —OpenStack Nova DoS through ephemeral disk backing files
  from 0, < 2013.2.2
• —OpenStack Nova VMware instance leak potentially leading to compute DoS
  from 0, < 2014.1.3-7
• —The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows lo…
  from 0, < 2014.1.3-5
• —The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack…
  from 0, < 2014.1.1-4
• —The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set…
  from 0, < 2013.2.3-1
• —OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occ…
  from 0, < 2013.2-1
• —The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to bo…
  from 0, < 2012.1.1-12
• —Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other u…
  from 0, < 2012.1~rc1-1