
openstack swift

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28815
>= 4.0.0 and < 4.3.1
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, p
7.5 HIGH
CVE-2023-26154
< 6.2.0
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before
5.9 MEDIUM
CVE-2022-47950
< 2.28.1
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an aut
6.5 MEDIUM
CVE-2022-3252
< 1.9.2
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing
7.5 HIGH
CVE-2022-32389
all versions
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensit
7.5 HIGH
CVE-2022-1642
< 5.6.2
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source pro
7.5 HIGH
CVE-2017-8761
<= 2.10.1
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leakin
4.3 MEDIUM
CVE-2020-9861
<= 5.1.4
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply
7.5 HIGH
CVE-2019-8790
< 5.1.1
This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixe
5.5 MEDIUM
CVE-2018-16386
all versions
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via
7.5 HIGH
CVE-2018-4220
< 4.1.1
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the
8.8 HIGH
CVE-2017-16613
<= 2.15.1
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swif
9.8 CRITICAL
CVE-2016-0738
<= 2.3.0
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connect
7.5 HIGH
CVE-2016-0737
<= 2.3.0
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a
7.5 HIGH
CVE-2015-8466
<= 1.8
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
7.4 HIGH
CVE-2015-5223
<= 2.3.0
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object
CVE-2015-1856
<= 2.2.2
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the l
CVE-2014-7960
<= 2.1.0
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata co
CVE-2014-3497
all versions
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web
CVE-2013-6396
all versions
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL s
CVE-2014-0006
all versions
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote att
CVE-2013-4155
<= 1.9.0
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous"
CVE-2012-4406
< 1.7.0
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loadin
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin