Image Registry And Delivery Service (Glance)
Approved changes feed: RSS · Atom
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Openstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a) |
|---|---|
| Product | Image Registry And Delivery Service (Glance) (08075d3f-d82e-57df-aa20-c356b48bf240) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2015-5286 |
vulnerable | 2026-06-03 14:34:59.126032 |
Details available
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
Published: 2015-10-26T17:00:00.000Z
Updated: 2024-08-06T06:41:09.339Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-5251 |
vulnerable | 2026-06-03 14:34:59.019205 |
Details available
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Published: 2015-10-26T17:00:00.000Z
Updated: 2024-08-06T06:41:08.976Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-1195 |
vulnerable | 2026-06-03 14:34:38.960219 |
Details available
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
Published: 2015-01-21T18:00:00.000Z
Updated: 2024-08-06T04:33:20.821Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9623 |
vulnerable | 2026-06-03 14:34:27.463432 |
Details available
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
Published: 2015-01-23T15:00:00.000Z
Updated: 2024-08-06T13:47:41.740Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9493 |
vulnerable | 2026-06-03 14:34:27.165297 |
Details available
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Published: 2015-01-07T19:00:00.000Z
Updated: 2024-08-06T13:47:41.357Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-5356 |
vulnerable | 2026-06-03 14:34:06.266464 |
Details available
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Published: 2014-08-25T14:00:00.000Z
Updated: 2024-08-06T11:41:49.236Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.