
111 matches found

RedHat Linux
added 2019/04/30 5:0 p.m. · 3 views

openstack-cinder: Data retained after deletion of a ScaleIO volume

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

CVSS 7.5 · AI score 5.7 · EPSS 0.01244
Exploits: 0 · References: 5

Veracode
added 2019/01/15 9:27 a.m. · 19 views

Information Disclosure

openstack-cinder is vulnerable to information disclosure. As data is retained after deletion of a ScaleIO volume, newly created volumes in certain storage volume configurations contain data from the previous volume. This leads to confidential information leakage between tenants...

CVSS 7.5 · AI score 7 · EPSS 0.01244
Exploits: 0 · References: 14 · Affected Software: 1

RedHat Linux
added 2018/11/13 10:14 p.m. · 3 views

openstack-cinder: Data retained after deletion of a ScaleIO volume

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

CVSS 7.5 · AI score 5.7 · EPSS 0.01244
Exploits: 0 · References: 5

NVD
added 2018/08/27 5:29 p.m. · 46 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 6 · EPSS 0.01244
Exploits: 0 · References: 4

UbuntuCve
added 2018/08/27 5:29 p.m. · 22 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 6.3 · EPSS 0.01244
Exploits: 0 · References: 2

OSV
added 2018/08/27 5:29 p.m. · 3 views

UBUNTU-CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 6.2 · EPSS 0.01244
Exploits: 0 · References: 3

OSV
added 2018/08/27 5:29 p.m. · 25 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 7.3 · EPSS 0.01244
Exploits: 0 · References: 4

OSV
added 2018/08/27 5:29 p.m. · 2 views

DEBIAN-CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 5.2 · EPSS 0.01244
Exploits: 0 · References: 1

Prion
added 2018/08/27 5:29 p.m. · 17 views

Design/Logic Flaw

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 5 · AI score 7.3 · EPSS 0.01244
Exploits: 0 · References: 4 · Affected Software: 2

CVE
added 2018/08/27 5:0 p.m. · 84 views

CVE-2017-15139

CVE-2017-15139 affects OpenStack Cinder up to Queens, specifically ScaleIO volumes using thin volumes with zero padding. The vulnerability can lead to leakage of sensitive data between tenants when new volumes are created in certain configurations. Public documentation in connected items confirms...

CVSS 7.5 · AI score 7.2 · EPSS 0.01244
Exploits: 0 · References: 4 · Affected Software: 1

Debian CVE
added 2018/08/27 5:0 p.m. · 24 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 7.5 · AI score 5.3 · EPSS 0.01244
Exploits: 0

Cvelist
added 2018/08/27 5:0 p.m. · 51 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

CVSS 5.1 · AI score 7.3 · EPSS 0.01244
Exploits: 0 · References: 4

Positive Technologies
added 2018/08/27 12:0 a.m. · 4 views

PT-2018-5782 · Openstack · Openstack Cinder

Name of the Vulnerable Software and Affected Versions: openstack-cinder versions up to and including Queens
Description: A vulnerability was found in openstack-cinder, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO...

CVSS 7.5 · AI score 5.1 · EPSS 0.01244
Exploits: 0 · References: 19

RedhatCVE
added 2018/08/21 9:18 a.m. · 27 views

CVE-2017-15139

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

CVSS 7.5 · AI score 0.3 · EPSS 0.01244
Exploits: 0 · References: 2

0day.today
added 2018/03/29 12:0 a.m. · 61 views

Dell EMC ScaleIO Buffer Overflow / Command Injection Vulnerability

Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Dell EMC Identifier: DSA-2018-058 C...

AI score 7.9 · EPSS 0.01585
Exploits: 1

CNVD
added 2018/03/28 12:0 a.m. · 1 view

Dell EMC ScaleIO Command Injection Vulnerability

Dell EMC ScaleIO is a software-defined solution for converting DAS storage to shared data block storage from Dell, U.S.A. Light Installation Agent LIA is one of the installation agent programs. A command injection vulnerability exists in LIA in Dell EMC ScaleIO versions prior to 2.5. An attacker...

CVSS 8.5 · AI score 8.1 · EPSS 0.01517
Exploits: 1 · References: 1

CNVD
added 2018/03/28 12:0 a.m. · 2 views

Dell EMC ScaleIO certification attempts to limit improper vulnerabilities

Dell EMC ScaleIO is a software-defined solution for converting DAS storage to shared data block storage from Dell, U.S.A. Light Installation Agent LIA is one of the installation agent programs. A security vulnerability exists in LIA in Dell EMC ScaleIO versions prior to 2.5, which stems from the...

CVSS 9.8 · AI score 7 · EPSS 0.01585
Exploits: 1 · References: 1

CNVD
added 2018/03/28 12:0 a.m. · 2 views

Dell EMC ScaleIO Denial of Service Vulnerability

Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell, Inc. A security vulnerability exists in Dell EMC ScaleIO versions prior to 2.5, which stems from the program failing to properly handle packet data. A remote attacker could exploit...

CVSS 7.5 · AI score 6.7 · EPSS 0.0146
Exploits: 1 · References: 1

Prion
added 2018/03/27 9:29 p.m. · 16 views

Command injection

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent LIA. This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...

CVSS 8.5 · AI score 7.9 · EPSS 0.01517
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2018/03/27 9:29 p.m. · 3 views

CVE-2018-1238

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent LIA. This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...

CVSS 7.5 · AI score 5.9 · EPSS 0.01517
Exploits: 1 · References: 1