Lucene search
K

734 matches found

CVE
CVE
added 5 days ago9 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42748

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1708 OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

7.1CVSS6.7AI score0.00835EPSS
Exploits0References17
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-812 OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11
PyPA
PyPA
added 2026/07/06 8:3 a.m.4 views

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-871 OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

7.5CVSS6AI score0.03062EPSS
Exploits1References17
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

CVE-2026-54911 vulnerabilities

Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, datahub-ingestion, openstack-placement-2025.2-fips, openstack-placement-2025.1-fips,...

6.5CVSS6.1AI score0.00272EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.13 views

GHSA-3J69-69WJ-XQX2 vulnerabilities

Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, datahub-ingestion, openstack-placement-2025.2-fips, openstack-placement-2025.1-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.21 views

GHSA-6V7P-G79W-8964 vulnerabilities

Vulnerabilities for packages: openstack-horizon-2026.1-fips, openstack-glance-2025.2, mitmproxy, graalvm, openstack-horizon-2025.2-fips, awx, jupyter-all-spark-notebook, openstack-glance-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2026.1, dask-kubernetes-fips, py3-pipenv,...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.8 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenStack Glance vulnerabilities (USN-8199-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8199-1 advisory. Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker...

7.1CVSS6AI score0.00835EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 6:4 p.m.7 views

USN-8199-1 glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

7.1CVSS5.8AI score0.00835EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/04/22 6:4 p.m.15 views

USN-8199-1: OpenStack Glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

7.1CVSS5.9AI score0.00835EPSS
Exploits1
Snyk
Snyk
added 2026/03/31 7:50 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the use of HTTP redirects. An attacker can access internal services by leveraging HTTP redirects to bypass URL validation checks. This is only exploitable if the web-download, glance-download impo...

7.1CVSS5.9AI score0.00258EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/31 6:31 a.m.13 views

OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

7.1CVSS5.9AI score0.00258EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 6:31 a.m.8 views

GHSA-MC26-Q38V-83GV OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

5CVSS5.9AI score0.00258EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/31 6:31 a.m.3 views

EUVD-2026-17323

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

5CVSS5.9AI score0.00258EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 6:16 a.m.6 views

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

7.1CVSS0.00258EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/31 6:16 a.m.16 views

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

5CVSS5.9AI score0.00258EPSS
Exploits1References5
OSV
OSV
added 2026/03/31 6:16 a.m.4 views

UBUNTU-CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References6
CVE
CVE
added 2026/03/31 5:29 a.m.54 views

CVE-2026-34881

OpenStack Glance SSRF (CVE-2026-34881) affects Glance versions before 29.1.1, 30.x before 30.1.1, and 31.0.0. The vulnerability allows an authenticated user to bypass URL validation via HTTP redirects, enabling access to internal services through the web-download and glance-download image import ...

7.1CVSS5.9AI score0.00258EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder