Vulmon
openstack glance vulnerabilities and exploits
5.5
CVSSv2
CVE-2015-5251
OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Openstack Image Registry And Delivery Service (glance)
Openstack Image Registry And Delivery Service (glance) 2015.1.1
Openstack Image Registry And Delivery Service (glance) 2015.1.0
4
CVSSv2
CVE-2014-9684
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service (glance) 2014.2
Openstack Image Registry And Delivery Service (glance) 2014.2.1
Openstack Image Registry And Delivery Service (glance) 2014.2.2
4
CVSSv2
CVE-2015-1881
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service (glance) 2014.2
Openstack Image Registry And Delivery Service (glance) 2014.2.1
Openstack Image Registry And Delivery Service (glance) 2014.2.2
5
CVSSv2
CVE-2017-7200
An SSRF issue exists in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed a malicious user to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This ...
Openstack Glance
4
CVSSv2
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
Openstack Glance
3.5
CVSSv2
CVE-2013-1840
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Openstack Glance V1
NA
CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
Openstack Glance-store
4.3
CVSSv2
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote malicious users to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
Openstack Glance 11.0.0
4
CVSSv2
CVE-2013-0212
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) prior to 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated user...
Openstack Image Registry And Delivery Service (glance) 2012.2.2
Openstack Image Registry And Delivery Service (glance) 2012.2.1
Openstack Image Registry And Delivery Service (glance) 2012.1
Openstack Image Registry And Delivery Service (glance) 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
1 GitHub repository
8.5
CVSSv2
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
Hp Helion Openstack Glance -