Lucene search
K

735 matches found

Cvelist
Cvelist
added 2013/10/27 12:0 a.m.48 views

CVE-2013-4428

OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...

6AI score0.03082EPSS
Exploits1References9
CVE
CVE
added 2013/10/27 12:0 a.m.76 views

CVE-2013-4428

CVE-2013-4428 affects the OpenStack Image Registry and Delivery Service (Glance) in the Folsom/Grizzly line before 2013.1.4 and Havana before 2013.2. The issue is a flaw in the download_image policy enforcement for cached system images: after an image is cached by an authorized download, any auth...

3.5CVSS6.1AI score0.03082EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2013/10/27 12:0 a.m.61 views

CVE-2013-4428

OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...

3.5CVSS6.1AI score0.03082EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/10/24 12:0 a.m.35 views

Ubuntu 12.10 / 13.04 : glance vulnerability (USN-2003-1)

Stuart McLaren discovered that Glance did not properly enforce the 'downloadimage' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting. Note that Tenable Network Security has extracted the preceding description...

3.5CVSS5.4AI score0.03082EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2013/10/23 8:23 p.m.63 views

USN-2004-1: python-glanceclient vulnerability

Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a machine-in-the-middle attack...

5.8CVSS5.3AI score0.00986EPSS
Exploits0
Ubuntu
Ubuntu
added 2013/10/23 8:19 p.m.48 views

USN-2003-1: Glance vulnerability

Stuart McLaren discovered that Glance did not properly enforce the 'downloadimage' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting...

3.5CVSS5.3AI score0.03082EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2013/10/16 12:0 a.m.23 views

CVE-2013-4428

OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...

3.5CVSS5.9AI score0.03082EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2013/09/03 8:16 p.m.5 views

OpenStack: python-glanceclient failing SSL certificate check

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS5.9AI score0.00986EPSS
Exploits0References4
OSV
OSV
added 2013/08/28 9:55 p.m.6 views

CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

6.3AI score
Exploits0References7
OSV
OSV
added 2013/08/28 9:55 p.m.1 views

DEBIAN-CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6.5AI score0.00986EPSS
Exploits0References1
NVD
NVD
added 2013/08/28 9:55 p.m.21 views

CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6.3AI score0.00986EPSS
Exploits0References7
PyPA
PyPA
added 2013/08/28 9:55 p.m.6 views

PYSEC-2013-11

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6.9AI score0.00986EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2013/08/28 9:55 p.m.18 views

Code injection

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6.9AI score0.00986EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2013/08/28 9:55 p.m.25 views

PYSEC-2013-11

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS5.4AI score0.00986EPSS
Exploits0References8
Cvelist
Cvelist
added 2013/08/28 5:0 p.m.34 views

CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

6.2AI score0.00986EPSS
Exploits0References7
CVE
CVE
added 2013/08/28 5:0 p.m.86 views

CVE-2013-4111

The CVE concerns the Python client library for Glance, python-glanceclient, where versions before 0.10.0 fail to properly validate the server certificate (preverify_ok), allowing MITM spoofing via an arbitrary valid X.509 certificate. Impact: potential SSL-based credential/server spoofing. The is...

5.8CVSS6.3AI score0.00986EPSS
Exploits0References7Affected Software2
Debian CVE
Debian CVE
added 2013/08/28 5:0 p.m.63 views

CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6.2AI score0.00986EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/08/28 12:0 a.m.31 views

CVE-2013-4111

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

5.8CVSS6AI score0.00986EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/08/20 12:0 a.m.8 views

Fedora Update for heat-jeos FEDORA-2013-9715

Check for the Version of heat-jeos OpenVAS Vulnerability Test Fedora Update for heat-jeos FEDORA-2013-9715 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

7.4AI score
Exploits0References2
Fedora
Fedora
added 2013/08/06 12:19 a.m.10 views

[SECURITY] Fedora 19 Update: heat-jeos-9-1.fc19

This is a project for creating Just Enough Operating System images for heat. This project supports the following features: - Creates TDL files for use with oz - Creates compressed qcow2 files for use with libvirt/glance - Registers image files with glance...

2AI score
Exploits0
Rows per page
Query Builder