Every CVE whose affected-product data names Openstack Nova, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2017-7214 — CVSS 9.8 (critical): An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy…
CVE-2011-3147 — CVSS 8.6 (high): Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed…
CVE-2017-17051 — CVSS 8.6 (high): An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an…
CVE-2020-17376 — CVSS 8.3 (high): An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By…
CVE-2017-18191 — CVSS 7.5 (high): An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an…
CVE-2015-5162 — CVSS 7.5 (high): The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does…
CVE-2015-3241 — CVSS 6.8 (medium): OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted…
CVE-2015-3280 — CVSS 6.8 (medium): OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes…
CVE-2019-14433 — CVSS 6.5 (medium): An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an…
CVE-2017-16239 — CVSS 6.5 (medium): In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be…
CVE-2024-40767 — CVSS 6.5 (medium): In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2…
CVE-2024-32498 — CVSS 6.5 (medium): An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur…
CVE-2014-8750 — CVSS 6.5 (medium): Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated…
CVE-2021-3654 — CVSS 6.1 (medium): A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any…
CVE-2011-4596 — CVSS 6.0 (medium): Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage…
CVE-2013-2256 — CVSS 6.0 (medium): OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property…
CVE-2011-4076 — CVSS 5.9 (medium): OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY…
CVE-2015-8749 — CVSS 5.9 (medium): The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes…
CVE-2022-47951 — CVSS 5.7 (medium): An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and…
CVE-2026-46448 — CVSS 5.4 (medium): In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
CVE-2016-2140 — CVSS 5.3 (medium): The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and…
CVE-2015-0259 — CVSS 5.1 (medium): OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket…
CVE-2015-7713 — CVSS 5.0 (medium): OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which…
CVE-2012-0030 — CVSS 4.9 (medium): Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other…
CVE-2012-3447 — CVSS 4.9 (medium): virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to…
CVE-2014-3517 — CVSS 4.3 (medium): api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata…
CVE-2013-6437 — CVSS 4.0 (medium): The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a…
CVE-2012-1585 — CVSS 4.0 (medium): OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk…
CVE-2014-3708 — CVSS 4.0 (medium): OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU…
CVE-2014-8333 — CVSS 4.0 (medium): The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk…
CVE-2012-2101 — CVSS 3.5 (low): Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated…
CVE-2015-7548 — CVSS 3.5 (low): OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and…
CVE-2015-9543 — CVSS 3.3 (low): An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into…
CVE-2022-37394 — CVSS 3.3 (low): An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the…
CVE-2013-7048 — CVSS 3.3 (low): OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the…
CVE-2014-3608 — CVSS 2.7 (low): The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a…
CVE-2014-7230 — CVSS 2.1 (low): The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows…
CVE-2014-7231 — CVSS 2.1 (low): The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before…