Package impact

PyPI / glance

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2015-5162	high	7.5	7.5	10y ago	OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
CVE-2015-5286	medium	—	6.8	11y ago	OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
CVE-2015-1195	medium	—	6.5	12y ago	OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme
CVE-2014-0162	medium	—	6.0	12y ago	OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
CVE-2017-7200	medium	5.8	5.8	9y ago	OpenStack Glance Server-Side Request Forgery (SSRF)
CVE-2012-4573	medium	—	5.5	4y ago	The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulne…
CVE-2015-8234	medium	5.5	5.5	9y ago	The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
CVE-2015-5251	medium	—	5.5	11y ago	OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
CVE-2012-5482	medium	—	5.5	14y ago	OpenStack Glance arbitrary deletion of non-protected images
CVE-2016-0757	medium	4.3	4.3	4y ago	OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload…
CVE-2015-1881	medium	—	4.0	4y ago	OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)…
CVE-2014-5356	medium	—	4.0	4y ago	OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
CVE-2014-9684	medium	—	4.0	11y ago	OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)…
CVE-2014-9623	medium	—	4.0	12y ago	OpenStack Glance Bypass the storage quota and Denial of service
CVE-2013-0212	medium	—	4.0	13y ago	OpenStack Glance logs user name and password in cleartext
CVE-2015-5163	low	—	3.5	11y ago	The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file…
CVE-2013-1840	low	—	3.5	13y ago	The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obt…
CVE-2014-1948	low	—	2.6	4y ago	OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN…
CVE-2026-34881	unknown	—	—	2mo ago	OpenStack Glance is affected by Server-Side Request Forgery (SSRF)
CVE-2024-32498	unknown	—	—	2y ago	OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
CVE-2022-4134	unknown	—	—	3y ago	A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
CVE-2022-47951	unknown	—	—	3y ago	An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0…