CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-1851

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile27.53th
Published2015年6月25日
Last Modified2026年5月6日

Vulnerability Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Affected Platforms (CPE)

💻
Canonical

Ubuntu Linux

= 15.04
📦
Openstack

Icehouse

<= 2014.1.4
📦
Openstack

Juno

= 2014.2
📦
Openstack

Juno

= 2014.2.2
📦
Openstack

Juno

= 2014.2.3
📦
Openstack

Kilo

= 2015.1.0

References & Advisories

🔗 http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html
🔗 http://rhn.redhat.com/errata/RHSA-2015-1206.html
🔗 http://www.debian.org/security/2015/dsa-3292
🔗 http://www.openwall.com/lists/oss-security/2015/06/13/1
🔗 http://www.openwall.com/lists/oss-security/2015/06/17/2
🔗 http://www.openwall.com/lists/oss-security/2015/06/17/7
🔗 http://www.ubuntu.com/usn/USN-2703-1
🔗 https://bugs.launchpad.net/cinder/+bug/1415087

相关漏洞威胁

CVE-2021-344239.8

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve...

CVE-2018-66349.8

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maint...

CVE-2021-34938.8

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file cap...

CVE-2021-34928.8

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during cop...