Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OpenstackImage Registry And Delivery Service (glance)

15 matches found

CVE
CVEadded 2015/10/26 5:59 p.m.69 views

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

5.5CVSS4.3AI score0.00171EPSS
CVE
CVEadded 2013/02/24 9:55 p.m.65 views

CVE-2013-0212

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive info...

4CVSS5.8AI score0.01144EPSS
CVE
CVEadded 2016/04/13 5:59 p.m.63 views

CVE-2016-0757

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

4.3CVSS4.1AI score0.00241EPSS
CVE
CVEadded 2015/01/23 3:59 p.m.62 views

CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

4CVSS6.1AI score0.01006EPSS
CVE
CVEadded 2014/04/27 8:55 p.m.60 views

CVE-2014-0162

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

6CVSS6.9AI score0.00557EPSS
CVE
CVEadded 2015/10/26 5:59 p.m.57 views

CVE-2015-5286

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: ...

6.8CVSS4.4AI score0.01006EPSS
CVE
CVEadded 2014/08/25 2:55 p.m.55 views

CVE-2014-5356

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) b...

4CVSS6.1AI score0.00759EPSS
CVE
CVEadded 2015/01/07 7:59 p.m.55 views

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

5.5CVSS6.2AI score0.00979EPSS
CVE
CVEadded 2012/11/11 1:0 p.m.52 views

CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

5.5CVSS6.2AI score0.01403EPSS
CVE
CVEadded 2015/02/24 3:59 p.m.50 views

CVE-2014-9684

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the upload...

4CVSS6.1AI score0.00498EPSS
CVE
CVEadded 2014/02/14 3:55 p.m.49 views

CVE-2014-1948

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...

2.6CVSS6AI score0.00062EPSS
CVE
CVEadded 2015/01/21 6:59 p.m.49 views

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

6.5CVSS6.3AI score0.01447EPSS
CVE
CVEadded 2012/11/11 1:0 p.m.45 views

CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

5.5CVSS6.4AI score0.01403EPSS
CVE
CVEadded 2013/11/23 5:55 p.m.34 views

CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

2.1CVSS6.6AI score0.0006EPSS
CVE
CVEadded 2015/02/24 3:59 p.m.32 views

CVE-2015-1881

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vuln...

4CVSS6.1AI score0.00498EPSS