CVE-2015-5163

OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...

CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

PT-2015-6790 · Openstack · Openstack Image Service

Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions 2015.1.x before 2015.1.2 kilo Description: The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API. Recommendations: For...

openstack-glance: Glance v2 API host file disclosure through qcow2 backing file

A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...

Important: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having an Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

DEBIAN-CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

Design/Logic Flaw

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

CVE-2015-3289

OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...

CVE-2015-3289

OpenStack Glance prior to 2015.1.1 (kilo) is affected. Affected component: Glance’s image import task flow API. Root cause: remote authenticated users can repeatedly invoke the import task flow API to create images and then delete them, leading to denial of service via disk consumption. Impact: d...

OpenStack Designate 'mDNS' Service Denial of Service Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the United States. A denial of service vulnerability exists in OpenStack Designate 'mDNS' Service, which allows remote attackers to exploit this vulnerabilit...

OpenStack Glance Denial of Service Vulnerability (CNVD-2015-05221)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace, Inc. OpenStack Image Registry and Delivery Service Glance is a project that stores, queries, and retrieves virtual machine images. A denial-of-service...

Fedora 22 : openstack-swift-2.2.0-5.fc22 (2015-12245)

This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Update for openstack-swift FEDORA-2015-12245

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 22 Update: openstack-swift-2.2.0-5.fc22

OpenStack Object Storage Swift aggregates commodity servers to work toget her in clusters for reliable, redundant, and large-scale storage of static obje cts. Objects are written to multiple hardware devices in the data center, with t he OpenStack software responsible for ensuring data replicatio...

USN-2705-1: Keystone vulnerabilities

Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct machine-in-the-middle attacks via a crafted certificate. CVE-2014-7144 Brant Knudson...