Lucene search
K

272 matches found

CVE
CVE
added 2023/03/06 12:0 a.m.96 views

CVE-2022-4134

CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...

2.8CVSS3.6AI score0.00323EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2023/02/28 3:48 p.m.4 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.01025EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/02/28 3:48 p.m.5 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.01025EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.6 views

SUSE CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...

5.5CVSS6.7AI score0.03318EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.5 views

SUSE CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...

5.5CVSS6.7AI score0.02722EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.5 views

SUSE CVE-2013-1840

The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...

3.5CVSS6.5AI score0.01356EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.6 views

SUSE CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...

2.1CVSS6.3AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.4 views

SUSE CVE-2014-1948

OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...

2.6CVSS6.5AI score0.00314EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.4 views

SUSE CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...

5.5CVSS6.8AI score0.0277EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.3 views

SUSE CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...

4CVSS6.6AI score0.02844EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.5 views

SUSE CVE-2014-9684

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

4CVSS6.6AI score0.01981EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.5 views

SUSE CVE-2015-1881

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them, a different...

4CVSS6.4AI score0.02101EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.7 views

SUSE CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

4CVSS6.7AI score0.01307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

3.5CVSS6.7AI score0.01499EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5286

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6.8AI score0.02376EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.4 views

SUSE CVE-2015-8234

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...

5.5CVSS6.9AI score0.01176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:57 a.m.5 views

SUSE CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

4.3CVSS7.7AI score0.02326EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:48 a.m.4 views

SUSE CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8CVSS6.9AI score0.02034EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.4 views

SUSE CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

2.8CVSS4.4AI score0.00323EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/02/01 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5835-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7CVSS5.7AI score0.01025EPSS
Exploits1References2
Rows per page
Query Builder