Vulmon
OpenStack Glance vulnerabilities and exploits
NA
CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
Openstack Glance-store
NA
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated malicious user to tamper with images, compromising the integrity of virtual machines created using these modified images.
Openstack Glance
Redhat Openstack 13
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack 17
NA
CVE-2022-47951
An issue exists in OpenStack Cinder prior to 19.1.2, 20.x prior to 20.0.2, and 21.0.0; Glance prior to 23.0.1, 24.x prior to 24.1.1, and 25.0.0; and Nova prior to 24.1.2, 25.x prior to 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific...
Openstack Nova
Openstack Glance
Openstack Cinder
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.5
CVSSv2
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
Hp Helion Openstack Glance -
4.3
CVSSv2
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote malicious users to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
Openstack Glance 11.0.0
5
CVSSv2
CVE-2017-7200
An SSRF issue exists in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed a malicious user to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This ...
Openstack Glance
5.5
CVSSv2
CVE-2015-5251
OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Openstack Image Registry And Delivery Service (glance)
Openstack Image Registry And Delivery Service (glance) 2015.1.1
Openstack Image Registry And Delivery Service (glance) 2015.1.0
4
CVSSv2
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
Openstack Glance
4
CVSSv2
CVE-2014-9684
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service (glance) 2014.2
Openstack Image Registry And Delivery Service (glance) 2014.2.1
Openstack Image Registry And Delivery Service (glance) 2014.2.2
4
CVSSv2
CVE-2015-1881
OpenStack Image Registry and Delivery Service (Glance) 2014.2 up to and including 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then ...
Openstack Image Registry And Delivery Service (glance) 2014.2
Openstack Image Registry And Delivery Service (glance) 2014.2.1
Openstack Image Registry And Delivery Service (glance) 2014.2.2