Search CVE reports



1 – 10 of 14 results


CVE-2024-32498

Medium priority

Some fixes available 15 of 21

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references...

3 affected packages

cinder, glance, nova

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
cinder | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation
glance | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation
nova | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation

CVE-2023-2088

Medium priority

Some fixes available 10 of 30

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...

5 affected packages

cinder, ironic, nova, python-glance-store, python-os-brick

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder Fixed Ignored Ignored Ignored
ironic Fixed Ignored Ignored Ignored
nova Fixed Ignored Ignored Ignored
python-glance-store Fixed Ignored Ignored Ignored
python-os-brick Fixed Ignored Ignored Ignored

CVE-2022-47951

Medium priority

Some fixes available 23 of 25

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially...

3 affected packages

cinder, glance, nova

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable
glance | Fixed | Fixed | Fixed | Not affected | Not affected
nova | Fixed | Fixed | Fixed | Fixed | Vulnerable

CVE-2020-10755

Low priority

Some fixes available 4 of 17

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions...

2 affected packages

cinder, python-os-brick

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
cinder | Not affected | Not affected | Fixed | Fixed | Vulnerable
python-os-brick | Not affected | Not affected | Fixed | Fixed | Vulnerable

CVE-2013-2255

Low priority
Ignored

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

6 affected packages

cinder, keystone, nova, python-keystoneclient, quantum, swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder
keystone
nova
python-keystoneclient
quantum
swift

CVE-2017-15139

Low priority

Some fixes available 14 of 15

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using...

1 affected package

cinder

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable

CVE-2015-1851

Medium priority

Some fixes available 1 of 2

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the...

1 affected package

cinder

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder

CVE-2014-7230

Low priority

Some fixes available 2 of 15

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

3 affected packages

cinder, nova, trove

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder Not affected Not affected
nova Not affected Not affected
trove Ignored Ignored

CVE-2014-3641

Medium priority
Fixed

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

1 affected package

cinder

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder

CVE-2013-1068

Medium priority
Fixed

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0...

2 affected packages

cinder, nova

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder
nova