cvelistv5 - cve-2015-5286

CVE-2015-5286 (GCVE-0-2015-5286)

Vulnerability from cvelistv5

Published

2015-10-26 17:00

Modified

2024-08-06 06:41

Severity ?

CWE

Summary

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

suse-su-2016:0101-1

Vulnerability from csaf_suse

Published

2016-01-13 12:31

Modified

2016-01-13 12:31

Summary

Security update for openstack-glance

Notes

Title of the patch

Security update for openstack-glance

Description of the patch

This update for openstack-glance provides the following fixes: - Catch NotAuthenticated exception in import task. (bsc#947735, CVE-2015-5286) - Cleanup chunks for deleted image if token expired. (bsc#947735, CVE-2015-5286) - Prevent image status being directly modified via v1. (bsc#945994, CVE-2015-5251) - Fix error when downloading image status is not active. (bsc#945051) - Add ability to deactivate an image.

Patchnames

sleclo50sp3-openstack-glance-12321

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openstack-glance",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for openstack-glance provides the following fixes:\n\n- Catch NotAuthenticated exception in import task. (bsc#947735, CVE-2015-5286)\n- Cleanup chunks for deleted image if token expired. (bsc#947735, CVE-2015-5286)\n- Prevent image status being directly modified via v1. (bsc#945994, CVE-2015-5251)\n- Fix error when downloading image status is not active. (bsc#945051)\n- Add ability to deactivate an image.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleclo50sp3-openstack-glance-12321",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0101-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0101-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160101-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0101-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-January/001795.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 945051",
        "url": "https://bugzilla.suse.com/945051"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 945994",
        "url": "https://bugzilla.suse.com/945994"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 947735",
        "url": "https://bugzilla.suse.com/947735"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5251 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5286 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5286/"
      }
    ],
    "title": "Security update for openstack-glance",
    "tracking": {
      "current_release_date": "2016-01-13T12:31:46Z",
      "generator": {
        "date": "2016-01-13T12:31:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0101-1",
      "initial_release_date": "2016-01-13T12:31:46Z",
      "revision_history": [
        {
          "date": "2016-01-13T12:31:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-doc-2014.2.4.juno-14.1.noarch",
                "product": {
                  "name": "openstack-glance-doc-2014.2.4.juno-14.1.noarch",
                  "product_id": "openstack-glance-doc-2014.2.4.juno-14.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-2014.2.4.juno-14.1.x86_64",
                "product": {
                  "name": "openstack-glance-2014.2.4.juno-14.1.x86_64",
                  "product_id": "openstack-glance-2014.2.4.juno-14.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-2014.2.4.juno-14.1.x86_64",
                "product": {
                  "name": "python-glance-2014.2.4.juno-14.1.x86_64",
                  "product_id": "python-glance-2014.2.4.juno-14.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 5",
                "product": {
                  "name": "SUSE OpenStack Cloud 5",
                  "product_id": "SUSE OpenStack Cloud 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:cloud:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-2014.2.4.juno-14.1.x86_64 as component of SUSE OpenStack Cloud 5",
          "product_id": "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.juno-14.1.x86_64"
        },
        "product_reference": "openstack-glance-2014.2.4.juno-14.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-2014.2.4.juno-14.1.noarch as component of SUSE OpenStack Cloud 5",
          "product_id": "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.juno-14.1.noarch"
        },
        "product_reference": "openstack-glance-doc-2014.2.4.juno-14.1.noarch",
        "relates_to_product_reference": "SUSE OpenStack Cloud 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-2014.2.4.juno-14.1.x86_64 as component of SUSE OpenStack Cloud 5",
          "product_id": "SUSE OpenStack Cloud 5:python-glance-2014.2.4.juno-14.1.x86_64"
        },
        "product_reference": "python-glance-2014.2.4.juno-14.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.juno-14.1.x86_64",
          "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.juno-14.1.noarch",
          "SUSE OpenStack Cloud 5:python-glance-2014.2.4.juno-14.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5251",
          "url": "https://www.suse.com/security/cve/CVE-2015-5251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945994 for CVE-2015-5251",
          "url": "https://bugzilla.suse.com/945994"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.juno-14.1.x86_64",
            "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.juno-14.1.noarch",
            "SUSE OpenStack Cloud 5:python-glance-2014.2.4.juno-14.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-01-13T12:31:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5251"
    },
    {
      "cve": "CVE-2015-5286",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5286"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.juno-14.1.x86_64",
          "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.juno-14.1.noarch",
          "SUSE OpenStack Cloud 5:python-glance-2014.2.4.juno-14.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5286",
          "url": "https://www.suse.com/security/cve/CVE-2015-5286"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 947735 for CVE-2015-5286",
          "url": "https://bugzilla.suse.com/947735"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.juno-14.1.x86_64",
            "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.juno-14.1.noarch",
            "SUSE OpenStack Cloud 5:python-glance-2014.2.4.juno-14.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-01-13T12:31:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5286"
    }
  ]
}

rhsa-2015:1897

Vulnerability from csaf_redhat

Published

2015-10-15 12:29

Modified

2025-08-01 23:37

Summary

Red Hat Security Advisory: openstack-glance security update

Notes

Topic

Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents. (CVE-2015-5251) A race-condition flaw was discovered in the OpenStack Image service. When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion. (CVE-2015-5286) Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Hemanth Makkapati of Rackspace as the original reporter of CVE-2015-5251, and Mike Fedosin and Alexei Galkin of Mirantis as the original reporters of CVE-2015-5286. All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, running Image service services will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-glance packages that fix two security issues are now\navailable for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenStack Image service (glance) provides discovery, registration, and\ndelivery services for disk and server images. It provides the ability to\ncopy or snapshot a server image, and immediately store it away. Stored\nimages can be used as a template to get new servers up and running quickly\nand more consistently than installing a server operating system and\nindividually configuring additional services.\n\nA flaw was discovered in the OpenStack Image service where a\ntenant could manipulate the status of their images by submitting an\nHTTP PUT request together with an \u0027x-image-meta-status\u0027 header. A\nmalicious tenant could exploit this flaw to reactivate disabled images,\nbypass storage quotas, and in some cases replace image contents (where\nthey have owner access). Setups using the Image service\u0027s v1 API could\nallow the illegal modification of image status. Additionally, setups\nwhich also use the v2 API could allow a subsequent re-upload of image\ncontents. (CVE-2015-5251)\n\nA race-condition flaw was discovered in the OpenStack Image service.\nWhen images in the upload state were deleted using a token close to\nexpiration, untracked image data could accumulate in the back end.\nBecause untracked data does not count towards the storage quota, an\nattacker could use this flaw to cause a denial of service through\nresource exhaustion. (CVE-2015-5286)\n\nRed Hat would like to thank the OpenStack project for reporting these\nissues. Upstream acknowledges Hemanth Makkapati of Rackspace as the\noriginal reporter of CVE-2015-5251, and Mike Fedosin and Alexei Galkin of\nMirantis as the original reporters of CVE-2015-5286.\n\nAll openstack-glance users are advised to upgrade to these updated\npackages, which correct these issues. After installing the updated\npackages, running Image service services will be restarted\nautomatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1897",
        "url": "https://access.redhat.com/errata/RHSA-2015:1897"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1263511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511"
      },
      {
        "category": "external",
        "summary": "1267516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1897.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-glance security update",
    "tracking": {
      "current_release_date": "2025-08-01T23:37:05+00:00",
      "generator": {
        "date": "2025-08-01T23:37:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2015:1897",
      "initial_release_date": "2015-10-15T12:29:01+00:00",
      "revision_history": [
        {
          "date": "2015-10-15T12:29:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-10-15T12:29:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-01T23:37:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
                  "product_id": "6Server-RH6-RHOS-5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:5::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
                  "product_id": "7Server-RH7-RHOS-5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:5::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
                  "product_id": "7Server-RH7-RHOS-6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:6::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
                  "product_id": "7Server-RH7-RHOS-7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:7::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.1.5-3.el6ost.noarch",
                "product": {
                  "name": "openstack-glance-0:2014.1.5-3.el6ost.noarch",
                  "product_id": "openstack-glance-0:2014.1.5-3.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.1.5-3.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
                "product": {
                  "name": "openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
                  "product_id": "openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance-doc@2014.1.5-3.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-0:2014.1.5-3.el6ost.noarch",
                "product": {
                  "name": "python-glance-0:2014.1.5-3.el6ost.noarch",
                  "product_id": "python-glance-0:2014.1.5-3.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-glance@2014.1.5-3.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-0:2014.1.5-3.el7ost.noarch",
                "product": {
                  "name": "python-glance-0:2014.1.5-3.el7ost.noarch",
                  "product_id": "python-glance-0:2014.1.5-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-glance@2014.1.5-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
                  "product_id": "openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance-doc@2014.1.5-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.1.5-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-0:2014.1.5-3.el7ost.noarch",
                  "product_id": "openstack-glance-0:2014.1.5-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.1.5-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-0:2014.2.3-3.el7ost.noarch",
                "product": {
                  "name": "python-glance-0:2014.2.3-3.el7ost.noarch",
                  "product_id": "python-glance-0:2014.2.3-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-glance@2014.2.3-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
                  "product_id": "openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance-doc@2014.2.3-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.2.3-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-0:2014.2.3-3.el7ost.noarch",
                  "product_id": "openstack-glance-0:2014.2.3-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.2.3-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2015.1.1-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-0:2015.1.1-3.el7ost.noarch",
                  "product_id": "openstack-glance-0:2015.1.1-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2015.1.1-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-glance-0:2015.1.1-3.el7ost.noarch",
                "product": {
                  "name": "python-glance-0:2015.1.1-3.el7ost.noarch",
                  "product_id": "python-glance-0:2015.1.1-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-glance@2015.1.1-3.el7ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
                "product": {
                  "name": "openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
                  "product_id": "openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance-doc@2015.1.1-3.el7ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.1.5-3.el6ost.src",
                "product": {
                  "name": "openstack-glance-0:2014.1.5-3.el6ost.src",
                  "product_id": "openstack-glance-0:2014.1.5-3.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.1.5-3.el6ost?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.1.5-3.el7ost.src",
                "product": {
                  "name": "openstack-glance-0:2014.1.5-3.el7ost.src",
                  "product_id": "openstack-glance-0:2014.1.5-3.el7ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.1.5-3.el7ost?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2014.2.3-3.el7ost.src",
                "product": {
                  "name": "openstack-glance-0:2014.2.3-3.el7ost.src",
                  "product_id": "openstack-glance-0:2014.2.3-3.el7ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2014.2.3-3.el7ost?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-glance-0:2015.1.1-3.el7ost.src",
                "product": {
                  "name": "openstack-glance-0:2015.1.1-3.el7ost.src",
                  "product_id": "openstack-glance-0:2015.1.1-3.el7ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-glance@2015.1.1-3.el7ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.1.5-3.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
          "product_id": "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch"
        },
        "product_reference": "openstack-glance-0:2014.1.5-3.el6ost.noarch",
        "relates_to_product_reference": "6Server-RH6-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.1.5-3.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
          "product_id": "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src"
        },
        "product_reference": "openstack-glance-0:2014.1.5-3.el6ost.src",
        "relates_to_product_reference": "6Server-RH6-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-0:2014.1.5-3.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
          "product_id": "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch"
        },
        "product_reference": "openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
        "relates_to_product_reference": "6Server-RH6-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-0:2014.1.5-3.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
          "product_id": "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch"
        },
        "product_reference": "python-glance-0:2014.1.5-3.el6ost.noarch",
        "relates_to_product_reference": "6Server-RH6-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.1.5-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-0:2014.1.5-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.1.5-3.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src"
        },
        "product_reference": "openstack-glance-0:2014.1.5-3.el7ost.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-0:2014.1.5-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-0:2014.1.5-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch"
        },
        "product_reference": "python-glance-0:2014.1.5-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.2.3-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-0:2014.2.3-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2014.2.3-3.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src"
        },
        "product_reference": "openstack-glance-0:2014.2.3-3.el7ost.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-0:2014.2.3-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-0:2014.2.3-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch"
        },
        "product_reference": "python-glance-0:2014.2.3-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2015.1.1-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-0:2015.1.1-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-7.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-0:2015.1.1-3.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src"
        },
        "product_reference": "openstack-glance-0:2015.1.1-3.el7ost.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-7.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-glance-doc-0:2015.1.1-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch"
        },
        "product_reference": "openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-7.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-glance-0:2015.1.1-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
          "product_id": "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
        },
        "product_reference": "python-glance-0:2015.1.1-3.el7ost.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOS-7.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "OpenStack project"
          ]
        },
        {
          "names": [
            "Hemanth Makkapati"
          ],
          "organization": "Rackspace",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-5251",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2015-09-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1263511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in the OpenStack Image service (glance) where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an \u0027x-image-meta-status\u0027 header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service\u0027s v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openstack-glance allows illegal modification of image status",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
          "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
          "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
          "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
          "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
          "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
          "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
          "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-5251"
        },
        {
          "category": "external",
          "summary": "RHBZ#1263511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1263511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-5251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5251"
        }
      ],
      "release_date": "2015-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-10-15T12:29:01+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
            "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
            "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
            "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
            "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1897"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
            "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
            "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
            "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
            "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openstack-glance allows illegal modification of image status"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenStack project"
          ]
        },
        {
          "names": [
            "Mike Fedosin"
          ],
          "summary": "Acknowledged by upstream."
        },
        {
          "names": [
            "Alexei Galkin"
          ],
          "organization": "Mirantis",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2015-5286",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2015-09-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1267516"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race-condition flaw was discovered in the OpenStack Image service (glance). When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openstack-glance: Storage overrun by deleting images",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
          "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
          "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
          "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
          "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
          "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
          "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
          "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
          "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-5286"
        },
        {
          "category": "external",
          "summary": "RHBZ#1267516",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-5286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-5286"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286"
        }
      ],
      "release_date": "2015-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-10-15T12:29:01+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
            "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
            "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
            "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
            "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1897"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:openstack-glance-0:2014.1.5-3.el6ost.src",
            "6Server-RH6-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el6ost.noarch",
            "6Server-RH6-RHOS-5.0:python-glance-0:2014.1.5-3.el6ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:openstack-glance-0:2014.1.5-3.el7ost.src",
            "7Server-RH7-RHOS-5.0:openstack-glance-doc-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-5.0:python-glance-0:2014.1.5-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-3.el7ost.src",
            "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:openstack-glance-0:2015.1.1-3.el7ost.src",
            "7Server-RH7-RHOS-7.0:openstack-glance-doc-0:2015.1.1-3.el7ost.noarch",
            "7Server-RH7-RHOS-7.0:python-glance-0:2015.1.1-3.el7ost.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openstack-glance: Storage overrun by deleting images"
    }
  ]
}

fkie_cve-2015-5286

Vulnerability from fkie_nvd

Published

2015-10-26 17:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1897.html
secalert@redhat.com	http://www.securityfocus.com/bid/76943
secalert@redhat.com	https://bugs.launchpad.net/bugs/1498163
secalert@redhat.com	https://security.openstack.org/ossa/OSSA-2015-020.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1897.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76943
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/bugs/1498163
af854a3a-2127-422b-91ae-364da2661108	https://security.openstack.org/ossa/OSSA-2015-020.html	Vendor Advisory

Impacted products

Vendor	Product	Version
openstack	image_registry_and_delivery_service_\(glance\)	*
openstack	image_registry_and_delivery_service_\(glance\)	2015.1.0
openstack	image_registry_and_delivery_service_\(glance\)	2015.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0964364D-BB85-4C6C-AC03-9C5654F31B11",
              "versionEndIncluding": "2014.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E0C3C-F6B7-433D-9F93-531594C52D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897FC29D-7439-4BF2-8296-FB33712DCE43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Service (Glance) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) permite a usuarios remotos autenticados eludir la cuota de almacenamiento y provocar una denegaci\u00f3n de servicio (consumo de disco) borrando im\u00e1genes que han sido subidas utilizando un token que expira durante el proceso. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-9623."
    }
  ],
  "id": "CVE-2015-5286",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-26T17:59:07.937",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/76943"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/bugs/1498163"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/bugs/1498163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-gvjg-r9fv-7qx9

Vulnerability from github

Published

2022-05-17 03:44

Modified

2023-02-08 18:12

Summary

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2014.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "glance"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2015.1.0"
            },
            {
              "fixed": "2015.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-5286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T18:12:35Z",
    "nvd_published_at": "2015-10-26T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.",
  "id": "GHSA-gvjg-r9fv-7qx9",
  "modified": "2023-02-08T18:12:35Z",
  "published": "2022-05-17T03:44:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5286"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1897"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-5286"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/bugs/1498163"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267516"
    },
    {
      "type": "PACKAGE",
      "url": "https://opendev.org/openstack/glance"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "type": "WEB",
      "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service"
}

gsd-2015-5286

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-5286

Aliases

CVE-2015-5286

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5286",
    "description": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.",
    "id": "GSD-2015-5286",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-5286.html",
      "https://access.redhat.com/errata/RHSA-2015:1897",
      "https://ubuntu.com/security/CVE-2015-5286"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5286"
      ],
      "details": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.",
      "id": "GSD-2015-5286",
      "modified": "2023-12-13T01:20:06.098174Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-5286",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1897.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/76943",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/76943"
          },
          {
            "name": "https://bugs.launchpad.net/bugs/1498163",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/bugs/1498163"
          },
          {
            "name": "https://security.openstack.org/ossa/OSSA-2015-020.html",
            "refsource": "MISC",
            "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2014.2.4||\u003e=2015.1.0,\u003c2015.1.2",
          "affected_versions": "All versions before 2014.2.4, all versions starting from 2015.1.0 before 2015.1.2",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2023-02-08",
          "description": "A race-condition flaw was discovered in the OpenStack Image service (glance). When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion.",
          "fixed_versions": [
            "2014.2.4",
            "2015.1.2"
          ],
          "identifier": "CVE-2015-5286",
          "identifiers": [
            "GHSA-gvjg-r9fv-7qx9",
            "CVE-2015-5286"
          ],
          "not_impacted": "All versions starting from 2014.2.4 before 2015.1.0, all versions starting from 2015.1.2",
          "package_slug": "pypi/glance",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to versions 2014.2.4, 2015.1.2 or above.",
          "title": "OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2015-5286",
            "https://bugs.launchpad.net/bugs/1498163",
            "https://security.openstack.org/ossa/OSSA-2015-020.html",
            "http://rhn.redhat.com/errata/RHSA-2015-1897.html",
            "https://access.redhat.com/errata/RHSA-2015:1897",
            "https://access.redhat.com/security/cve/CVE-2015-5286",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1267516",
            "https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943",
            "https://github.com/advisories/GHSA-gvjg-r9fv-7qx9"
          ],
          "uuid": "b213c3d2-be34-4b3f-a12c-f82cd0564ca0"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2014.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5286"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/bugs/1498163",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.launchpad.net/bugs/1498163"
            },
            {
              "name": "https://security.openstack.org/ossa/OSSA-2015-020.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
            },
            {
              "name": "RHSA-2015:1897",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
            },
            {
              "name": "76943",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76943"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-12T23:15Z",
      "publishedDate": "2015-10-26T17:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-5286 (GCVE-0-2015-5286)

Vulnerability from cvelistv5

suse-su-2016:0101-1

Vulnerability from csaf_suse

rhsa-2015:1897

Vulnerability from csaf_redhat

fkie_cve-2015-5286

Vulnerability from fkie_nvd

ghsa-gvjg-r9fv-7qx9

Vulnerability from github

gsd-2015-5286

Vulnerability from gsd

Tags

Sightings

Nomenclature