Search CVE reports



1 – 10 of 17 results


CVE-2022-47950

Medium priority

Some fixes available 7 of 8

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server,...

1 affected package

swift

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| swift | Fixed | Fixed | Fixed | Not affected | Vulnerable |

CVE-2017-8761

Low priority
Vulnerable

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using...

1 affected package

swift

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| swift | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |

CVE-2013-2255

Low priority
Ignored

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

6 affected packages

cinder, keystone, nova, python-keystoneclient, quantum, swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder
keystone
nova
python-keystoneclient
quantum
swift

CVE-2016-9590

Low priority

Some fixes available 1 of 5

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying...

1 affected package

puppet-module-swift

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| puppet-module-swift | Not affected | Not affected | Not affected | Fixed | Vulnerable |

CVE-2016-10074

Medium priority

Some fixes available 14 of 19

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double...

1 affected package

libphp-swiftmailer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libphp-swiftmailer | Fixed | Fixed | Fixed | Fixed | Vulnerable |

CVE-2016-0738

Low priority

Some fixes available 1 of 4

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption)...

1 affected package

swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
swift Not affected

CVE-2016-0737

Medium priority

Some fixes available 1 of 3

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a...

1 affected package

swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
swift Not affected

CVE-2015-8466

Medium priority

Some fixes available 1 of 5

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

1 affected package

swift-plugin-s3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| swift-plugin-s3 | Not in release | Not in release | Not in release | Not affected | Vulnerable |

CVE-2015-5223

Medium priority

Some fixes available 1 of 3

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

1 affected package

swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
swift Not affected

CVE-2015-1856

Medium priority

Some fixes available 2 of 3

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

1 affected package

swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
swift