Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack glance vulnerabilities and exploits
(subscribe to this query)
756
VMScore
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
Hp Helion Openstack Glance -
578
VMScore
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service (Glance) prior to 2014.1.4 and 2014.2.x prior to 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerabil...
Openstack Image Registry And Delivery Service \\(glance\\)
490
VMScore
CVE-2015-5251
OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Openstack Image Registry And Delivery Service \\(glance\\)
Openstack Image Registry And Delivery Service \\(glance\\) 2015.1.1
Openstack Image Registry And Delivery Service \\(glance\\) 2015.1.0
490
VMScore
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Openstack Image Registry And Delivery Service \\(glance\\) -
Openstack Folsom 2012.2
Openstack Essex 2012.1
490
VMScore
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Openstack Folsom 2012.2
Openstack Essex 2012.1
Openstack Image Registry And Delivery Service \\(glance\\) -
445
VMScore
CVE-2017-7200
An SSRF issue exists in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an malicious user to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This ...
Openstack Glance
383
VMScore
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote malicious users to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
Openstack Glance 11.0.0
356
VMScore
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
Openstack Glance
356
VMScore
CVE-2014-9684
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2.1
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2.2
356
VMScore
CVE-2015-1881
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2.1
Openstack Image Registry And Delivery Service \\(glance\\) 2014.2.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »