Search CVE reports


21 – 30 of 30 results


CVE-2014-5356

Medium priority
Fixed

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote...

1 affected package

glance


CVE-2014-0162

Medium priority
Fixed

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute...

1 affected package

glance


CVE-2014-1948

Medium priority
Not affected

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled,...

1 affected package

glance


CVE-2013-4354

Medium priority
Ignored

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

1 affected package

glance


CVE-2013-4428

Medium priority
Fixed

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows...

1 affected package

glance


CVE-2013-4111

Medium priority
Fixed

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN)...

1 affected package

python-glanceclient


CVE-2013-1840

Medium priority
Fixed

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend...

1 affected package

glance


CVE-2013-0212

Medium priority
Fixed

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or...

1 affected package

glance


CVE-2012-5482

Medium priority
Fixed

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an...

1 affected package

glance


CVE-2012-4573

Medium priority

Some fixes available 2 of 3

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

1 affected package

glance
