CPE Details
OpenStack Image Registry and Delivery Service (Glance) 2014.2.2
2014.2.2
2015-02-24
17h02 +00:00
17h02 +00:00
2015-02-25
18h41 +00:00
18h41 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2.2:*:*:*:*:*:*:*
Informations
Vendor
openstackProduct
image_registry_and_delivery_service_\(glance\)Version
2014.2.2Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | 5.5 |
|||
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. | 6.8 |
|||
| OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. | 4 |
|||
| OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. | 4 |
