Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe
Filtered by product Icehouse
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1851 2 Canonical, Openstack 4 Ubuntu Linux, Icehouse, Juno and 1 more 2024-11-21 6.8 MEDIUM N/A
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
CVE-2014-0167 1 Openstack 2 Compute, Icehouse 2024-11-21 6.0 MEDIUM N/A
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
CVE-2014-0162 1 Openstack 2 Icehouse, Image Registry And Delivery Service \(glance\) 2024-11-21 6.0 MEDIUM N/A
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
CVE-2013-7130 1 Openstack 4 Compute, Grizzly, Havana and 1 more 2024-11-21 7.1 HIGH N/A
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.