|
Bug #1006414: Insecure loads()
|
 CVE-2012-4406 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Vincent Untz
|
|
Bug #1177924: Use testr instead of nose as the unittest runner.
|
CVE-2016-0738 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Richard Hawkins
|
|
Bug #1183884: [OSSA 2013-016] Unescaped content embedded in XML (CVE-2013-2161)
|
CVE-2013-2161 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Jeremy Stanley
|
|
Bug #1188189: Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection)
|
CVE-2013-2255 |
|
OpenStack Object Storage (swift)
|
Invalid (unassigned)
|
|
Bug #1196932: [OSSA 2013-022] Possibly DoS attack using object tombstones (CVE-2013-4155)
|
CVE-2013-4155 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Peter Portante
|
|
Bug #1265665: [OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)
|
CVE-2014-0006 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1327414: [OSSA 2014-020] www-authenticate value isn't quoted (CVE-2014-3497)
|
CVE-2014-3497 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to John Dickinson
|
|
Bug #1430645: [OSSA 2015-006] unauthorized delete from container with x-version-location (CVE-2015-1856)
|
CVE-2015-1856 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1449212: Container level temp URLs can unintentionally leak data.
|
CVE-2015-5223 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1453948: [OSSA 2015-016] all PUT tempurls leak existence via DLO manifest attack (CVE-2015-5223)
|
CVE-2015-5223 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1466549: [OSSA 2016-004] Download DLO objects leak connections when client kill connection (CVE-2016-0737)
|
CVE-2016-0737
CVE-2016-0738 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1489749: staticweb middleware ignores acl and breaks clients
|
CVE-2015-5249 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Christian Schwede
|
|
Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)
|
CVE-2015-5223
CVE-2016-0737
CVE-2016-0738 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
|
Bug #1655781: Swift object/proxy server writing Auth Token to log file (swauth)
|
CVE-2017-16613 |
|
OpenStack Object Storage (swift)
|
Invalid (unassigned)
|
|
Bug #1685798: Swift tempurl middleware reveals signatures in the logfiles (CVE-2017-8761)
|
CVE-2017-8761 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Christian Schwede
|
|
Bug #1998625: [OSSA-2023-001] Arbitrary file access through custom S3 XML entities (CVE-2022-47950)
|
CVE-2022-47950 |
|
OpenStack Object Storage (swift)
|
Fix released, assigned to Tim Burke
|
|
Bug #2119646: [OSSA-2025-002] Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073)
|
CVE-2025-65073 |
|
OpenStack Object Storage (swift)
|
Fix released (unassigned)
|
