Vulnerabilities > Openstack > Image Registry AND Delivery Service Glance > 2014.1

DATE	CVE	VULNERABILITY TITLE	RISK
2015-01-23	CVE-2014-9623	Resource Management Errors vulnerability in multiple products OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. network low complexity redhat openstack CWE-399	4.0
2015-01-21	CVE-2015-1195	Path Traversal vulnerability in Openstack Image Registry and Delivery Service (Glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. network low complexity openstack CWE-22	6.5
2015-01-07	CVE-2014-9493	Permissions, Privileges, and Access Controls vulnerability in multiple products The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. network low complexity redhat openstack CWE-264	5.5
2014-08-25	CVE-2014-5356	Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. network low complexity openstack canonical CWE-264	4.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.