VYPR

rpm package

suse/openstack-swift-doc&distro=SUSE OpenStack Cloud 5

pkg:rpm/suse/openstack-swift-doc&distro=SUSE%20OpenStack%20Cloud%205

Vulnerabilities (5)

  • CVE-2015-7548LowJan 12, 2016
    affected < 2.1.0-14.1fixed 2.1.0-14.1

    OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesti

  • CVE-2015-5223Oct 26, 2015
    affected < 2.1.0-11.1fixed 2.1.0-11.1

    OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

  • CVE-2015-3646May 12, 2015
    affected < 2.1.0-14.1fixed 2.1.0-14.1

    OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

  • CVE-2015-1856Apr 17, 2015
    affected < 2.1.0-11.1fixed 2.1.0-11.1

    OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

  • CVE-2014-7960Oct 17, 2014
    affected < 2.1.0-11.1fixed 2.1.0-11.1

    OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.