Lucene search
K

274 matches found

Veracode
Veracode
added 2019/01/15 9:1 a.m.23 views

Arbitrary Code Execution

openstack-glance is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modif...

6CVSS7.1AI score0.01992EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2019/01/15 9:1 a.m.24 views

Bypass Access Restriction

The openstack-glance package is vulnerable to access restriction bypass. When Glance downloadimage policy is enforced for cached system images, it allows an authenticated user to guess the image by its UUID and download that image,against the downloadimage policy. It only affects the setups makin...

3.5CVSS6AI score0.03082EPSS
Exploits1References11Affected Software1
Veracode
Veracode
added 2019/01/15 8:54 a.m.20 views

Information Disclosure

openStack-glance is vulnerable to information disclosure. When an error occurs during new image creation in single tenant mode, the endpoint logs usernames and passwords in plaintext. An authenticated user would be able to obtain credentials and gain access to the endpoint as an administrator...

4CVSS5.7AI score0.02965EPSS
Exploits0References16Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.32 views

Information Disclosure

openstack-glance is vulnerable to information disclosure. A flaw in the way certain image requests are handled allowed an authenticated user to obtain Glance's OpenStack Swift or Amazon S3 credentials...

3.5CVSS5.4AI score0.01356EPSS
Exploits0References17Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.19 views

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. The API allows remote authenticated users are able to delete arbitrary, non-protected images from Glance servers via an image deletion request...

5.5CVSS5.8AI score0.03318EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2018/07/31 8:29 p.m.8 views

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

6.5CVSS5.8AI score0.02326EPSS
Exploits0References5
OSV
OSV
added 2018/07/31 8:29 p.m.4 views

UBUNTU-CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

6.5CVSS6.5AI score0.02326EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/07/31 8:29 p.m.21 views

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

6.5CVSS6.6AI score0.02326EPSS
Exploits0References3
OSV
OSV
added 2018/07/31 8:29 p.m.3 views

DEBIAN-CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

6.5CVSS6AI score0.02326EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/31 8:0 p.m.27 views

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

4.3CVSS6.4AI score0.02326EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2018/07/31 8:0 p.m.51 views

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

6.5CVSS5.5AI score0.02326EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/07/31 12:0 a.m.6 views

PT-2018-5031 · Openstack +1 · Openstack Glance +1

Name of the Vulnerable Software and Affected Versions: Openstack Glance affected versions not specified Description: A vulnerability was found in Openstack Glance where no limits are enforced within the Glance image service for both v1 and v2 "/images" API POST method for authenticated users. Thi...

9.8CVSS6.5AI score0.30921EPSS
Exploits7References79
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:0 a.m.22 views

Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)

Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...

5.8CVSS0.6AI score0.02034EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.27 views

Ubuntu 14.04 LTS : OpenStack Glance vulnerabilities (USN-3446-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3446-1 advisory. Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change th...

6.8CVSS5.2AI score0.02376EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2017/10/12 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-3446-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS4.6AI score0.02376EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2017/10/11 11:24 a.m.58 views

USN-3446-1: OpenStack Glance vulnerabilities

Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. CVE-2015-5251 Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly...

6.8CVSS5AI score0.02376EPSS
Exploits0
OSV
OSV
added 2017/10/02 6:6 p.m.1 views

SUSE-SU-2017:2628-1 Security update for openstack-glance

This update for openstack-glance fixes the following issues: - Restrict imagelocation metadata When showmultiplelocations is enabled in Glance, any user can rewrite the metadata information for locations, causing a security breach. bsc1023507...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/06/29 12:52 p.m.25 views

CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

8.5CVSS2.9AI score0.02742EPSS
Exploits0References1
OSV
OSV
added 2017/06/27 8:29 p.m.5 views

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

8.4CVSS7.9AI score
Exploits0References7
NVD
NVD
added 2017/06/27 8:29 p.m.17 views

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

8.5CVSS8AI score0.02742EPSS
Exploits0References4
Rows per page
Query Builder