Search CVE reports


1 – 10 of 30 results


CVE-2024-32498

Medium priority

Some fixes available 15 of 21

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references...

3 affected packages

cinder, glance, nova

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| cinder | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| glance | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nova | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |

CVE-2024-1141

Medium priority

Some fixes available 5 of 7

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

1 affected package

python-glance-store

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-glance-store | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |

CVE-2023-2088

Medium priority

Some fixes available 10 of 30

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...

5 affected packages

cinder, ironic, nova, python-glance-store, python-os-brick

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder Fixed Ignored Ignored Ignored
ironic Fixed Ignored Ignored Ignored
nova Fixed Ignored Ignored Ignored
python-glance-store Fixed Ignored Ignored Ignored
python-os-brick Fixed Ignored Ignored Ignored

CVE-2022-4134

Medium priority
Vulnerable

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

1 affected package

glance

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| glance | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2022-47951

Medium priority

Some fixes available 23 of 25

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially...

3 affected packages

cinder, glance, nova

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| glance | Fixed | Fixed | Fixed | Not affected | Not affected |
| nova | Fixed | Fixed | Fixed | Fixed | Vulnerable |

CVE-2021-23418

Medium priority

Some fixes available 3 of 5

The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

1 affected package

glances

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| glances | Not affected | Not affected | Fixed | Fixed | Fixed |

CVE-2016-8611

Low priority
Ignored

A vulnerability was found in OpenStack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through...

1 affected package

glance

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glance Ignored

CVE-2016-4383

Medium priority
Ignored

The glance-manage db in all versions of HPE Helion OpenStack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

1 affected package

glance

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glance Ignored

CVE-2015-8234

Low priority
Ignored

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

1 affected package

glance

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glance Not affected

CVE-2017-7200

Low priority
Ignored

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such...

1 affected package

glance

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glance Ignored