734 matches found
CVE-2026-57501
Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...
EUVD-2026-42748
Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...
PYSEC-2026-1708 OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
PYSEC-2026-812 OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...
PYSEC-2026-871 OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...
CVE-2026-54911 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, datahub-ingestion, openstack-placement-2025.2-fips, openstack-placement-2025.1-fips,...
GHSA-3J69-69WJ-XQX2 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, datahub-ingestion, openstack-placement-2025.2-fips, openstack-placement-2025.1-fips,...
GHSA-6V7P-G79W-8964 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, mitmproxy, graalvm, openstack-horizon-2025.2-fips, awx, jupyter-all-spark-notebook, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, dask-kubernetes-fips, py3-pipenv,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenStack Glance vulnerabilities (USN-8199-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8199-1 advisory. Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker...
USN-8199-1 glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...
USN-8199-1: OpenStack Glance vulnerabilities
Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the use of HTTP redirects. An attacker can access internal services by leveraging HTTP redirects to bypass URL validation checks. This is only exploitable if the web-download, glance-download impo...
OpenStack Glance is affected by Server-Side Request Forgery (SSRF)
OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...
GHSA-MC26-Q38V-83GV OpenStack Glance is affected by Server-Side Request Forgery (SSRF)
OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...
EUVD-2026-17323
OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
UBUNTU-CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
CVE-2026-34881
OpenStack Glance SSRF (CVE-2026-34881) affects Glance versions before 29.1.1, 30.x before 30.1.1, and 31.0.0. The vulnerability allows an authenticated user to bypass URL validation via HTTP redirects, enabling access to internal services through the web-download and glance-download image import ...