Vulnerabilities > Openstack > Image Registry AND Delivery Service Glance > 2013.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-23 | CVE-2014-9623 | Resource Management Errors vulnerability in multiple products OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 4.0 |
2014-08-25 | CVE-2014-5356 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. | 4.0 |
2014-02-14 | CVE-2014-1948 | Credentials Management vulnerability in Openstack Image Registry and Delivery Service (Glance) 2013.2/2013.2.1 OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | 2.6 |