Product:

Image_registry_and_delivery_service_\(Glance\)

(Openstack)
Repositories https://github.com/openstack/glance
#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2015-02-24 CVE-2015-1881 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. Image_registry_and_delivery_service_\(Glance\) N/A
2015-01-21 CVE-2015-1195 The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. Image_registry_and_delivery_service_\(Glance\) N/A
2015-02-24 CVE-2014-9684 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. Image_registry_and_delivery_service_\(Glance\) N/A
2015-01-23 CVE-2014-9623 OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. Image_registry_and_delivery_service_\(Glance\), Openstack N/A
2015-01-07 CVE-2014-9493 The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Image_registry_and_delivery_service_\(Glance\), Openstack N/A
2014-08-25 CVE-2014-5356 OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. Ubuntu_linux, Image_registry_and_delivery_service_\(Glance\) N/A
2014-02-14 CVE-2014-1948 OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. Image_registry_and_delivery_service_\(Glance\) N/A
2013-11-23 CVE-2013-4354 The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Image_registry_and_delivery_service_\(Glance\) N/A
2012-11-11 CVE-2012-5482 The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. Essex, Folsom, Image_registry_and_delivery_service_\(Glance\) N/A
2012-11-11 CVE-2012-4573 The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. Essex, Folsom, Image_registry_and_delivery_service_\(Glance\) N/A