55 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-1565

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00287
Exploits 0 | References 3

Cvelist
added 2025/09/04 11:36 p.m. | 6 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

CVSS 7.2 | EPSS 0.00376
Exploits 1 | References 2

OSV
added 2025/09/04 11:36 p.m. | 3 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

CVSS 7.2 | AI score 6.4 | EPSS 0.00376
Exploits 1 | References 4

RedHat Linux
added 2024/07/02 4:47 p.m. | 29 views

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.6 security update

An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 6.5 | AI score 6.7 | EPSS 0.00214
Exploits 0 | References 2

Ubuntu
added 2023/05/23 11:49 a.m. | 28 views

USN-6073-7: Glance_store regression

USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered th...

AI score 5.5
Exploits 0 | References 1

vulnersOsv
added 2023/01/31 2:13 p.m. | 2 views

@aaa-backend-stack/file-storage-local (>=1.16.0 <=2.4.4), @aaa-backend-stack/file-storage-s3 (>=1.16.0 <=2.4.4) +591 more potentially affected by unknown CVE via zxcvbn (>=2.0.1 <=4.4.2)

zxcvbn NPM version =2.0.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.0.0, =0.0.9, =1.7.7, =2.0.6, =0.0.5, =1.1.10, =1.16.136 and more Source cves: unknown CVE Source advisory: SNYK:JS-ZXCVBN-3257741...

AI score 5.8
Exploits 0

OSV
added 2022/05/17 4:4 a.m. | 12 views

GHSA-Q748-MCWG-XMQV OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

CVSS 5.3 | AI score 4.3 | EPSS 0.00171
Exploits 0 | References 8

Github Security Blog
added 2022/05/17 4:4 a.m. | 25 views

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

CVSS 5.5 | AI score 5 | EPSS 0.00171
Exploits 0 | References 8 | Affected Software 1

OSV
added 2022/05/17 3:44 a.m. | 21 views

GHSA-Q73F-VJC2-3GQF OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 7.1 | AI score 5.8 | EPSS 0.00277
Exploits 0 | References 11

Github Security Blog
added 2022/05/17 3:44 a.m. | 26 views

OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 3.5 | AI score 6 | EPSS 0.00277
Exploits 0 | References 11 | Affected Software 1

Github Security Blog
added 2022/05/17 3:43 a.m. | 33 views

OpenStack Image Service (Glance) vulnerable to Improper Access Control

OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...

CVSS 4.3 | AI score 4.9 | EPSS 0.00233
Exploits 0 | References 11 | Affected Software 1

vulnersOsv
added 2022/02/03 6:1 a.m. | 0 views

@aaa-backend-stack/image-service (>=1.16.0 <=1.16.9), @aaa-backend-stack/storage (>=1.16.0 <=2.4.4) +217 more potentially affected by CVE-2022-25852 via libpq (>=1.0.0 <=1.4.1)

libpq NPM version =1.0.0, =1.16.0, =1.16.0, =3.5.0, =7.5.0, =6.3.0, =1.1.1, =1.3.4, =0.0.1-alpha.3, =1.0.0, =0.0.1, =1.0.0, =1.8.0 and more Source cves: CVE-2022-25852 Source advisory: SNYK:JS-LIBPQ-2392366...

CVSS 7.5 | AI score 7.1 | EPSS 0.00433
Exploits 1

Cvelist
added 2021/03/25 8:34 p.m. | 8 views

CVE-2021-29095 ArcGIS Server image service and raster analytics security update: uninitialized pointer

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 and earlier allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account...

CVSS 6.4 | AI score 7 | EPSS 0.0036
Exploits 0 | References 1

Cvelist
added 2021/03/25 8:32 p.m. | 11 views

CVE-2021-29093 ArcGIS Server image service and raster analytics security update: use-after-free

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 and earlier allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account...

CVSS 6.4 | AI score 7 | EPSS 0.00385
Exploits 0 | References 1

Jake Archibald's Blog
added 2019/06/11 8:16 a.m. | 18 views

Probably?

Remy Sharp asked a question on Twitter that got me thinking about probability for the first time in a while. The problem Get your copybooks out now! Remy is using an image service that has an API which returns a URL for one of its images, picked at random. Remy makes five requests to the service,...

AI score 7
Exploits 0

Veracode
added 2019/05/02 5:18 a.m. | 24 views

Denial Of Service

OpenStack Image service glance provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more...

CVSS 6.8 | AI score 4.9 | EPSS 0.00328
Exploits 0 | References 9 | Affected Software 1

Veracode
added 2019/05/02 5:17 a.m. | 21 views

Denial Of Service (DoS)

OpenStack Image Service glance provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more...

CVSS 4 | AI score 6 | EPSS 0.0058
Exploits 2 | References 8 | Affected Software 2

OSV
added 2018/07/31 8:29 p.m. | 1 views

UBUNTU-CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

CVSS 6.5 | AI score 6.5 | EPSS 0.00535
Exploits 0 | References 4

Debian CVE
added 2018/07/31 8:0 p.m. | 21 views

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

CVSS 6.5 | AI score 5.5 | EPSS 0.00535
Exploits 0

IBM Security Bulletins
added 2018/06/17 10:30 p.m. | 35 views

Security Bulletin: Nova live snapshots use an insecure local directory (CVE-2013-7048)

Summary The directories that are used to temporarily store live snapshots on Nova compute nodes are writable to all local users. A local attacker with shell access on the compute nodes might, therefore, read and modify the contents of live snapshots before those files are uploaded to the image...

CVSS 3.3 | AI score 1.5 | EPSS 0.00132
Exploits 2 | Affected Software 1