Nova

Latest version: v30.0.0

Vulnerabilities (56)

CVE/PVE	Vulnerability ID	Advisory	Affected versions	Severity	Severity Score
CVE-2024-40767	72371	In OpenStack Nova affected versions, by supplying a raw format image …	<=27.4.0 >=28.0.0,<=28.2.0 >=29.0.0,<=29.1.0	MEDIUM	6.5
CVE-2023-2088	58668	Nova 27.1.0, 26.2.0 and 25.2.0 include a fix for CVE-2023-2088: A fla…	<25.2.0 >=26.0.0.0rc1,<26.2.0 >=27.0.0.0rc1,<27.1.0	MEDIUM	6.5
CVE-2022-47951	52932	Nova 24.1.2, 25.0.2 and 26.0.0 include a fix for CVE-2022-47951: An i…	<24.1.2 >=25.0.0.0rc1,<25.0.2 >=26.0.0.0rc1,<26.0.0	MEDIUM	5.7
CVE-2022-37394	50455	Nova versions 23.2.2, 24.1.2 and 25.0.2 include a fix for CVE-2022-37…	<23.2.2 >=24.0.0.0rc1,<24.1.2 >=25.0.0.0rc1,<25.0.2	LOW	3.3
CVE-2014-0134	68020	The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 20…	>=2010.1-rc2,<2013 >=2013.2,<2013.2.3 >=2014,<2014.1	LOW	3.5
CVE-2020-17376	38722	An issue was discovered in Guest.migrate in virt/libvirt/guest.py in …	<19.3.1 >=20.0.0.0rc1,<20.3.1 ==21.0.0	HIGH	8.3
CVE-2015-9543	37903	An issue was discovered in OpenStack Nova before 18.2.4, 19.x before …	<18.2.4 >=20.0.0.0rc1,<20.1.0 >=19.0.0.0rc1,<19.1.0	LOW	3.3
CVE-2019-14433	37361	Nova 17.0.12, 18.2.2 and 19.0.2 include a fix for CVE-2019-14433: An …	<17.0.12 >=18.0.0.0rc1,<18.2.2 >=19.0.0.0rc1,<19.0.2	MEDIUM	6.5
CVE-2017-16239	67536	In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throu…	<14.0.9 >=15.0.0,<=15.0.7 <=16.0.0,>=16.0.2	MEDIUM	6.5
CVE-2017-7214	67542	An issue was discovered in exception_wrapper.py in OpenStack Nova 13.…	>=13.0.0,<=13.1.3 >=14.0.0,<=14.0.4 >=15.0.0,<=15.0.1	CRITICAL	9.8
CVE-2015-3241	70419	OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earli…	>=2014.2,<=2014.2.3 >=2015.1.0,<=2015.1.1	MEDIUM	6.8
CVE-2014-3708	35568	OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1…	>=2014.2.0,<2014.2.1 >=2010,<2014.1.4	MEDIUM	4.0
CVE-2013-6437	68000	The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ic…	>=2013,<2013.2.2 >=2014,<2014.1	MEDIUM	4.0
CVE-2013-6419	67989	Interaction error in OpenStack Nova and Neutron before Havana 2013.2.…	>=2013,<2013.2.1 >=2014,<2014.1	MEDIUM	5.0
CVE-2013-7048	68001	OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earli…	>=2013.1,<=2013.1.4 >=2013.2,<=2013.2.1	LOW	3.3
CVE-2015-3280	35617	OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2…	>=2010,<2014.2.4 >=2015.1,<2015.1.2	MEDIUM	6.8
CVE-2015-7713	35650	OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2…	>=2010,<2014.2.4 >=2015.1,<2015.1.2	MEDIUM	5.0
CVE-2015-0259	35599	OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, a…	>=2010,<2014.1.4 >=2014.2,<2014.2.3	MEDIUM	5.1
CVE-2014-3517	35556	api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, …	>=2010,<2013.2.4 >=2014,<2014.1.2	MEDIUM	4.3
CVE-2017-18191	67540	An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.…	>=15.0.0,<=15.1.0 >=16.0.0,<=16.1.1	HIGH	7.5
CVE-2015-5162	53780	The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; G…	<12.0.4 ==13.0.0	HIGH	7.5
CVE-2016-2140	70525	The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo)…	>=12.0.0,<12.0.3 >=2010,<2015.1.4	MEDIUM	5.3
CVE-2015-7548	70437	OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.…	>=12.0.0,<12.0.1 >=2010,<2015.1.3	LOW	3.5
CVE-2015-8749	70436	The volume_utils._parse_volume_info function in OpenStack Compute (No…	>=12.0.0,<12.0.1 >=2010,<2015.1.3	MEDIUM	5.9
CVE-2024-32498	72149	An security flaw in affected versions of OpenStack Nova allows arbitr…	<30.0.0.0rc1	MEDIUM	6.5
CVE-2021-3654	45513	Nova 24.0.0 includes a fix for CVE-2021-3654: A vulnerability was fou…	<24.0.0	MEDIUM	6.1
CVE-2014-8333	70421	The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows …	>=2014.1,<2014.1.4	MEDIUM	4.0
CVE-2014-8750	70420	Race condition in the VMware driver in OpenStack Compute (Nova) befor…	>=2014.1,<2014.1.4	MEDIUM	6.5
CVE-2013-4497	67988	The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and H…	>=2013,<=2013.2	MEDIUM	6.4
CVE-2013-2096	67985	OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify …	>=2013,<2013.1.5	LOW	2.1
CVE-2014-0167	35507	The Nova EC2 API security group implementation in OpenStack Compute (…	>=2013.1,<2013.2.4	MEDIUM	6.0
CVE-2013-0335	67983	OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)…	>=2012,<2013.1.g3	MEDIUM	6.0
CVE-2013-1838	67986	OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)…	>=2012,<=2012.2	MEDIUM	4.0
CVE-2012-3447	35368	virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2…	>=2012.1.0,<2012.1.2	MEDIUM	4.9
CVE-2011-4596	62097	Multiple directory traversal vulnerabilities in OpenStack Nova before…	>=2011.3,<2011.3.1	MEDIUM	6.0
CVE-2012-1585	67999	OpenStack Compute (Nova) Essex before 2011.3 allows remote authentica…	>=2011.1,<2011.3	MEDIUM	4.0
CVE-2014-7231	70431	The strutils.mask_password function in the OpenStack Oslo utility lib…	>2010,<=2014.1.5	LOW	2.1
CVE-2014-3608	35563	The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows …	>=2010,<2014.1.3	LOW	2.7
CVE-2014-2573	70460	The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2…	>2010,<2013.2.4	LOW	2.3
CVE-2013-4278	70564	The "create an instance" API in OpenStack Compute (Nova) Folsom, Griz…	>2010,<2013.2	LOW	3.5
CVE-2013-2256	35434	OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 d…	>=2010,<2013.1.3	MEDIUM	6.0
CVE-2013-4179	35437	The security group extension in OpenStack Compute (Nova) Grizzly 2013…	>=2010,<2013.1.3	MEDIUM	4.3
CVE-2013-2161	68030	XML injection vulnerability in account/utils.py in OpenStack Swift Fo…	>=2010.1-rc2,<2014	HIGH	7.5
CVE-2013-4463	68026	OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properl…	>=2010.1-rc2,<=2013.2.4	LOW	2.1
CVE-2013-4185	68029	Algorithmic complexity vulnerability in OpenStack Compute (Nova) befo…	>=2010.1-rc2,<2013.2.3	MEDIUM	4.0
CVE-2013-0208	68025	The boot-from-volume feature in OpenStack Compute (Nova) Folsom and E…	>=2010.1-rc2,<2013.1.1	MEDIUM	6.5
CVE-2012-5625	68024	OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usi…	>=2010.1-rc2,<=2012.2.2	MEDIUM	4.3
CVE-2012-2654	68021	The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.…	>=2010.1-rc2,<=2012.2	MEDIUM	4.3
CVE-2012-3371	68023	The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Es…	>=2010.1-rc2,<=2012.2	LOW	3.5
CVE-2012-0030	68027	Nova 2011.3 and Essex, when using the OpenStack API, allows remote au…	>=2010.1-rc2,<=2012.1.3	MEDIUM	4.9
CVE-2012-2101	68028	Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit th…	>=2010.1-rc2,<=2012.1	LOW	3.5
CVE-2013-1068	25905	The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2…	>=2000,<2013.2.3	MEDIUM	5.0
CVE-2011-3147	37087	Versions of nova before 2012.1 could expose hypervisor host files to …	>=2000,<2012.1	HIGH	8.6
CVE-2011-4076	37736	OpenStack Nova before 2012.1 allows someone with access to an EC2_ACC…	>=2000,<2012.1	MEDIUM	5.9
CVE-2017-17051	67537	An issue was discovered in the default FilterScheduler in OpenStack N…	<16.0.4	HIGH	8.6
CVE-2013-0326	37745	OpenStack nova base images permissions are world readable. No fixes o…	>0	MEDIUM	5.5