47 matches found
EUVD-2013-4238
Malware in sbrugna...
EUVD-2015-0036
Malware in sbrugna...
EUVD-2022-4907
Malicious code in bioql PyPI...
EUVD-2022-4019
Malicious code in bioql PyPI...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova update (Moderate) (RHSA-2016:2991)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2991 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
Linux Distros Unpatched Vulnerability : CVE-2014-0162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated...
RHEL 6 : openstack-glance (RHSA-2014:1685)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1685 advisory. OpenStack Image service glance provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or...
RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova (RHSA-2017:0282)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0282 advisory. The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-glance-store) security update
An update for python-glance-store is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (openstack-glance) security update
An update for openstack-glance is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
SUSE CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image...
GHSA-GVJG-R9FV-7QX9 OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...
Arbitrary File Read
openstack-glance is vulnerable to arbitrary file read. A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected...
Arbitrary File Read
openstack-glance is vulnerable to arbitrary file read attacks. The vulnerability exists as the V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the...
Information Disclosure
openstack-glance is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...
CVE-2016-0757
OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...
PT-2016-4404 · Openstack +1 · Openstack Image Service +1
Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions prior to 2015.1.3 kilo OpenStack Image Service Glance versions 11.0.x prior to 11.0.2 liberty Description: The issue allows remote authenticated users to tamper with images, potentially compromising the...
Low: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...