Search Results (Refine Search)
- CPE Product Version: cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2014.1.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5286 |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. Published: October 26, 2015; 1:59:07 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5251 |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. Published: October 26, 2015; 1:59:06 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-9623 |
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. Published: January 23, 2015; 10:59:06 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-1195 |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. Published: January 21, 2015; 1:59:56 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2014-9493 |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Published: January 07, 2015; 2:59:02 PM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-5356 |
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. Published: August 25, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |