| CVE-2012-4406 |
critical |
9.8 |
9.8 |
|
|
|
14y ago |
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arb… |
| CVE-2015-1856 |
medium |
— |
5.5 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-vers… |
| CVE-2015-5223 |
medium |
— |
5.0 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. |
| CVE-2014-3497 |
medium |
— |
4.3 |
|
|
|
4y ago |
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. |
| CVE-2014-0006 |
medium |
— |
4.3 |
|
|
|
13y ago |
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timin… |
| CVE-2014-7960 |
medium |
— |
4.0 |
|
|
|
12y ago |
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when c… |
| CVE-2013-4155 |
medium |
— |
4.0 |
|
|
|
13y ago |
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE reque… |
