7809 matches found
PYSEC-2015-39
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
PYSEC-2015-39
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
Code injection
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
PT-2015-6790 · Openstack · Openstack Image Service
Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions 2015.1.x before 2015.1.2 kilo Description: The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API. Recommendations: For...
Important: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having an Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
openstack-glance: Glance v2 API host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
DEBIAN-CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
Design/Logic Flaw
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) is affected. Affected component: Glance’s image import task flow API. Root cause: remote authenticated users can repeatedly invoke the import task flow API to create images and then delete them, leading to denial of service via disk consumption. Impact: d...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...
OpenStack Glance Denial of Service Vulnerability (CNVD-2015-05221)
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace, Inc. OpenStack Image Registry and Delivery Service Glance is a project that stores, queries, and retrieves virtual machine images. A denial-of-service...
OpenStack Designate 'mDNS' Service Denial of Service Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the United States. A denial of service vulnerability exists in OpenStack Designate 'mDNS' Service, which allows remote attackers to exploit this vulnerabilit...
Fedora 22 : openstack-swift-2.2.0-5.fc22 (2015-12245)
This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...