7744 matches found
OpenStack Glance Denial of Service Vulnerability (CNVD-2015-01203)
Glance provides restful APIs to query the metadata of a virtual machine image, and can obtain the image. A denial of service vulnerability exists in OpenStack Glance, as the OpenStack Glance import task fails to update the image, allowing an attacker to exploit the vulnerability to crash the...
OpenStack Glance Denial of Service Vulnerability
Glance provides restful APIs to query the metadata of a virtual machine image, and can obtain the image. A denial of service vulnerability exists in OpenStack Glance's handling of image file uploads, which could be exploited by an attacker to crash an application...
openstack-glance: unrestricted path traversal flaw
It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw...
Important: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security...
OpenStack Glance Denial of Service Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Glance is a project that stores, queries and retrieves virtual machine images. A security vulnerability exists in OpenStack Glance versions 2014.2.x through 2014.2.1...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
DEBIAN-CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
Design/Logic Flaw
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
CVE-2014-9623
OpenStack Glance (Image Service) CVE-2014-9623 affects 2014.2.x through 2014.2.1, 2014.1.3 and earlier, allowing remote authenticated users to bypass storage quota and cause disk DoS by deleting an image in the saving state. Root cause is an incomplete fix that permitted quota bypass during uploa...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
OpenStack Image Registry Delivery Service Arbitrary File Manipulation Vulnerability
The OpenStack Image Registry Delivery Service is an OpenStack project that stores, queries, and retrieves virtual machine images. An arbitrary file manipulation vulnerability exists in OpenStack Image Registry Delivery Service versions prior to 2014.1.4, and 2014.2.x versions prior to 2014.2.2,...
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
DEBIAN-CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
Design/Logic Flaw
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...