VYPR

Image Registry And Delivery Service (glance)

by OpenStack

CVEs (15)

  • CVE-2016-0757 | Med | Apr 13, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allows remote authenticated users to change image status and upload new image data by removing the last location of an image.

  • CVE-2015-5286 | Oct 26, 2015
    risk 0.00 | cvss | epss 0.02

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during…

  • CVE-2015-5251 | Oct 26, 2015
    risk 0.00 | cvss | epss 0.02

    OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

  • CVE-2015-1881 | Feb 24, 2015
    risk 0.00 | cvss | epss 0.02

    OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting…

  • CVE-2014-9684 | Feb 24, 2015
    risk 0.00 | cvss | epss 0.02

    OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting…

  • CVE-2014-9623 | Jan 23, 2015
    risk 0.00 | cvss | epss 0.03

    OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

  • CVE-2015-1195 | Jan 21, 2015
    risk 0.00 | cvss | epss 0.03

    The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this…

  • CVE-2014-9493 | Jan 7, 2015
    risk 0.00 | cvss | epss 0.03

    The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

  • CVE-2014-5356 | Aug 25, 2014
    risk 0.00 | cvss | epss 0.02

    OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service…

  • CVE-2014-0162 | Apr 27, 2014
    risk 0.00 | cvss | epss 0.02

    The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

  • CVE-2014-1948 | Feb 14, 2014
    risk 0.00 | cvss | epss 0.00

    OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive…

  • CVE-2013-4354 | Nov 23, 2013
    risk 0.00 | cvss | epss 0.00

    The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

  • CVE-2013-0212 | Feb 24, 2013
    risk 0.00 | cvss | epss 0.03

    store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to…

  • CVE-2012-5482 | Nov 11, 2012
    risk 0.00 | cvss | epss 0.03

    The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

  • CVE-2012-4573 | Nov 11, 2012
    risk 0.00 | cvss | epss 0.03

    The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.