| CVE-2016-0738 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (pro… |
| CVE-2016-0737 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series o… |
| CVE-2013-2161 |
high |
— |
7.5 |
|
|
|
13y ago |
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. |
| CVE-2015-1856 |
medium |
— |
5.5 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-vers… |
| CVE-2015-5223 |
medium |
— |
5.0 |
|
|
|
11y ago |
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. |
| CVE-2014-3497 |
medium |
— |
4.3 |
|
|
|
4y ago |
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. |
| CVE-2014-0006 |
medium |
— |
4.3 |
|
|
|
13y ago |
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timin… |
| CVE-2014-7960 |
medium |
— |
4.0 |
|
|
|
12y ago |
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when c… |
| CVE-2013-4155 |
medium |
— |
4.0 |
|
|
|
13y ago |
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE reque… |
