 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.5866.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5866-1) |
| Summary: | The remote host is missing an update for the 'nova' package(s) announced via the USN-5866-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'nova' package(s) announced via the USN-5866-1 advisory. Vulnerability Insight: It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's logs could exploit this issue and may obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2015-9543) It was discovered that Nova did not properly handle attaching and reattaching the encrypted volume. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18191) It was discovered that Nova did not properly handle the updation of domain XML after live migration. An attacker could possibly use this issue to corrupt the volume or perform a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-17376) It was discovered that Nova was not properly validating the URL passed to noVNC. An attacker could possibly use this issue by providing malicious URL to the noVNC proxy to redirect to any desired URL. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-3654) It was discovered that Nova did not properly handle changes in the neutron port of vnic_type type. An authenticated user could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-37394) Affected Software/OS: 'nova' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-9543 https://launchpad.net/bugs/1492140 https://review.opendev.org/220622 http://www.openwall.com/lists/oss-security/2020/02/19/2 Common Vulnerability Exposure (CVE) ID: CVE-2017-18191 BugTraq ID: 103104 http://www.securityfocus.com/bid/103104 http://openwall.com/lists/oss-security/2018/04/20/3 RedHat Security Advisories: RHSA-2018:2332 https://access.redhat.com/errata/RHSA-2018:2332 RedHat Security Advisories: RHSA-2018:2714 https://access.redhat.com/errata/RHSA-2018:2714 RedHat Security Advisories: RHSA-2018:2855 https://access.redhat.com/errata/RHSA-2018:2855 Common Vulnerability Exposure (CVE) ID: CVE-2020-17376 http://www.openwall.com/lists/oss-security/2020/08/25/4 https://launchpad.net/bugs/1890501 Common Vulnerability Exposure (CVE) ID: CVE-2021-3654 https://security.gentoo.org/glsa/202305-02 https://bugs.launchpad.net/nova/+bug/1927677 https://bugs.python.org/issue32084 https://bugzilla.redhat.com/show_bug.cgi?id=1961439 https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb https://security.openstack.org/ossa/OSSA-2021-002.html https://www.openwall.com/lists/oss-security/2021/07/29/2 Common Vulnerability Exposure (CVE) ID: CVE-2022-37394 https://bugs.launchpad.net/ossa/+bug/1981813 https://review.opendev.org/c/openstack/nova/+/849985 https://review.opendev.org/c/openstack/nova/+/850003 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |