Skip to main content

Image Registry And Delivery Service Glance

15 CVEs product

Monthly

CVE-2016-0757 PyPI MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Image Registry And Delivery Service Glance
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5286 PyPI MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5251 PyPI MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Image Registry And Delivery Service Glance
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2015-1881 PyPI MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-9684 PyPI MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-9623 PyPI MEDIUM POC PATCH This Month

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Openstack Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-1195 PyPI MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Image Registry And Delivery Service Glance
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-9493 MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file:. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openstack Image Registry And Delivery Service Glance
NVD
CVSS 2.0
5.5
EPSS
0.8%
CVE-2014-5356 PyPI MEDIUM PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2014-0162 PyPI MEDIUM PATCH This Month

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Information Disclosure Icehouse Image Registry And Delivery Service Glance
NVD VulDB
CVSS 2.0
6.0
EPSS
0.6%
CVE-2014-1948 PyPI LOW PATCH Monitor

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and. Rated low severity (CVSS 2.6).

Authentication Bypass Image Registry And Delivery Service Glance
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2013-4354 LOW Monitor

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Image Registry And Delivery Service Glance
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0212 PyPI MEDIUM PATCH This Month

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Image Registry And Delivery Service Glance Ubuntu Linux
NVD GitHub
CVSS 2.0
4.0
EPSS
1.2%
CVE-2012-5482 PyPI MEDIUM PATCH This Month

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom Image Registry And Delivery Service Glance
NVD GitHub
CVSS 2.0
5.5
EPSS
1.4%
CVE-2012-4573 PyPI MEDIUM PATCH This Month

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom Image Registry And Delivery Service Glance
NVD GitHub
CVSS 2.0
5.5
EPSS
0.8%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Image Registry And Delivery Service Glance
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 4.0
MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 4.0
MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
EPSS 0% CVSS 4.0
MEDIUM POC PATCH This Month

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Openstack Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file:. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openstack Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance +1
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Information Disclosure Icehouse Image Registry And Delivery Service Glance
NVD VulDB
EPSS 0% CVSS 2.6
LOW PATCH Monitor

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and. Rated low severity (CVSS 2.6).

Authentication Bypass Image Registry And Delivery Service Glance
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Image Registry And Delivery Service Glance
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Image Registry And Delivery Service Glance Ubuntu Linux
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Essex Folsom +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy