Skip to main content

Compute

11 CVEs product

Monthly

CVE-2015-2687 PyPI MEDIUM PATCH This Month

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. Rated medium severity (CVSS 4.7).

Authentication Bypass Compute
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2014-0134 PyPI LOW PATCH Monitor

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0167 PyPI MEDIUM PATCH This Month

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Compute Icehouse
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-2573 PyPI LOW PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a. Rated low severity (CVSS 2.3).

Denial Of Service Privilege Escalation VMware Compute
NVD VulDB
CVSS 2.0
2.3
EPSS
0.1%
CVE-2013-7130 PyPI HIGH PATCH This Week

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute Grizzly Havana Icehouse
NVD
CVSS 2.0
7.1
EPSS
2.5%
CVE-2013-2030 PyPI LOW PATCH Monitor

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Compute Folsom Grizzly Havana
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-4185 PyPI MEDIUM POC PATCH This Month

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Compute Openstack
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-4278 PyPI LOW PATCH Monitor

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Compute
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4179 PyPI MEDIUM POC PATCH This Month

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Havana Compute
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-3371 PyPI LOW POC PATCH Monitor

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Compute Essex Folsom
NVD GitHub
CVSS 2.0
3.5
EPSS
0.9%
CVE-2012-2654 PyPI MEDIUM POC PATCH This Month

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Compute Diablo Essex
NVD GitHub
CVSS 2.0
4.3
EPSS
1.2%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. Rated medium severity (CVSS 4.7).

Authentication Bypass Compute
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Compute Icehouse
NVD VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a. Rated low severity (CVSS 2.3).

Denial Of Service Privilege Escalation VMware +1
NVD VulDB
EPSS 3% CVSS 7.1
HIGH PATCH This Week

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute Grizzly +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Compute Folsom +2
NVD
EPSS 1% CVSS 4.0
MEDIUM POC PATCH This Month

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Compute Openstack
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Compute
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Havana +1
NVD
EPSS 1% CVSS 3.5
LOW POC PATCH Monitor

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Compute Essex +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Compute Diablo +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy