2 matches found
CVE-2014-3641
The CVE-2014-3641 issue affects OpenStack Cinder’s GlusterFS and Linux SMBFS drivers prior to 2014.1.3, enabling remote authenticated users to disclose file data from the Cinder-volume host by cloning and attaching a volume with a malicious qcow2 header. Public references note the remediation: up...
CVE-2013-4202
OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...