Search Results
- CPE Product Version: cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5286 | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. Published: October 26, 2015; 1:59:07 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-5251 | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. Published: October 26, 2015; 1:59:06 PM -0400 | V3.x: (not available) V2.0: 5.5 MEDIUM |
CVE-2014-9623 | OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. Published: January 23, 2015; 10:59:06 AM -0500 | V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2014-5356 | OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. Published: August 25, 2014; 10:55:07 AM -0400 | V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2013-4354 | The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Published: November 23, 2013; 12:55:03 PM -0500 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2012-5482 | The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. Published: November 11, 2012; 8:00:59 AM -0500 | V3.x: (not available) V2.0: 5.5 MEDIUM |
CVE-2012-4573 | The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. Published: November 11, 2012; 8:00:58 AM -0500 | V3.x: (not available) V2.0: 5.5 MEDIUM |