George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)
George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)
It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)
Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)
Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)
Matt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)
Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140)
{ "binaries": [ { "binary_name": "nova-ajax-console-proxy", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-api", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-api-ec2", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-api-metadata", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-api-os-compute", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-api-os-volume", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-baremetal", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-cells", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-cert", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-common", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-kvm", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-libvirt", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-lxc", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-qemu", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-vmware", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-compute-xen", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-conductor", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-console", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-consoleauth", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-network", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-novncproxy", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-objectstore", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-scheduler", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-spiceproxy", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-volume", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "nova-xvpvncproxy", "binary_version": "1:2014.1.5-0ubuntu1.7" }, { "binary_name": "python-nova", "binary_version": "1:2014.1.5-0ubuntu1.7" } ], "availability": "No subscription required" }