cvebase

Glance Project Glance vulnerabilities

29 known vulnerabilities affecting glance_project/glance.

Total CVEs: 29
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 22, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2015-1881 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2015-1881 [MEDIUM] CWE-770 OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9
ghsa | osv
CVE-2014-5356 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-5356 [MEDIUM] OpenStack Glance improper validation of the image_size_cap configuration option
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a lar
ghsa | osv
CVE-2014-9684 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-9684 [MEDIUM] CWE-770 OpenStack Glance Denial of service by creating a large number of images
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vul
ghsa | osv
CVE-2013-0212 | P4 | MEDIUM | CVSS 4.0 | ≥ 2012.1, < 2012.2.3 | 2022-05-05
CVE-2013-0212 [MEDIUM] CWE-200 OpenStack Glance logs user name and password in cleartext
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.
ghsa | osv
CVE-2014-9623 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-9623 [MEDIUM] OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
ghsa | osv
CVE-2015-3289 | P4 | MEDIUM | CVSS 4.0 | ≥ 0, < 2015.1.0-4 | 2015-08-14
CVE-2015-3289 [MEDIUM]
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
osv
CVE-2013-1840 | P4 | LOW | CVSS 3.5 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2013-1840 [LOW] CWE-200 OpenStack Glance is vulnerable to Exposure of Sensitive Information
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
ghsa | osv
CVE-2022-4134 | P4 | LOW | ≥ 0, ≤ 25.1.0 | 2023-03-07
CVE-2022-4134 [LOW] CWE-829 OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
ghsa | osv
CVE-2014-1948 | P4 | MEDIUM | CVSS 2.6 | ≥ 0, < 11.0.0a0 | 2022-05-17
CVE-2014-1948 [MEDIUM] CWE-532 OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
ghsa | osv