CVE-2015-1851
- EPSS 0.49%
- Published 25.06.2015 16:59:00
- Last modified 12.04.2025 10:46:40
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
- EPSS 0.56%
- Published 27.04.2014 20:55:23
- Last modified 12.04.2025 10:46:40
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a ...
- EPSS 0.38%
- Published 15.04.2014 14:55:04
- Last modified 12.04.2025 10:46:40
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compu...
CVE-2013-7130
- EPSS 2.54%
- Published 06.02.2014 17:00:06
- Last modified 11.04.2025 00:51:21
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attacke...