CVE-2015-1851

OpenStack Cinder contains a vulnerability (CVE-2015-1851) where remote authenticated users could read arbitrary files via a crafted qcow2 header in the upload-to-image command. Affected series include OpenStack Cinder releases up to 2014.1.5 (icehouse), 2014.2.x up to 2014.2.4 (juno), and 2015.1....

CVE-2014-0167

The CVE-2014-0167 entry documents a privilege-escalation flaw in OpenStack Nova (EC2 API security group) where the Nova compute API did not enforce RBAC policies for add_rules, remove_rules, destroy, and other methods when non-default policies were in use. Affected releases include OpenStack Comp...

CVE-2014-0162

CVE-2014-0162 affects the Sheepdog backend used by OpenStack Image Registry and Delivery Service (Glance). The vulnerability allows remote authenticated users who can insert or modify an image to run arbitrary commands via a crafted image location. Affected releases are Glance 2013.2 prior to 201...

CVE-2013-7130

CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...