Vulnerabilities > Openstack > Image Registry AND Delivery Service Glance
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-13 | CVE-2016-0757 | Improper Access Control vulnerability in Openstack Image Registry and Delivery Service (Glance) 11.0.0/11.0.1/2015.1.2 OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image. | 4.3 |
| 2015-02-24 | CVE-2015-1881 | Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. | 4.0 |
| 2015-02-24 | CVE-2014-9684 | Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. | 4.0 |
| 2015-01-23 | CVE-2014-9623 | Resource Management Errors vulnerability in multiple products OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 4.0 |
| 2015-01-21 | CVE-2015-1195 | Path Traversal vulnerability in Openstack Image Registry and Delivery Service (Glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. | 6.5 |
| 2015-01-07 | CVE-2014-9493 | Permissions, Privileges, and Access Controls vulnerability in multiple products The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | 5.5 |
| 2014-08-25 | CVE-2014-5356 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. | 4.0 |
| 2014-02-14 | CVE-2014-1948 | Credentials Management vulnerability in Openstack Image Registry and Delivery Service (Glance) 2013.2/2013.2.1 OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | 2.6 |
| 2013-11-23 | CVE-2013-4354 | Improper Input Validation vulnerability in Openstack Image Registry and Delivery Service (Glance) The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. | 2.1 |
| 2012-11-11 | CVE-2012-5482 | Permissions, Privileges, and Access Controls vulnerability in Openstack products The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. | 5.5 |