VulnerableCode Package Details - pkg:deb/debian/swift@2.2.0-1%2Bdeb8u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1k44-tzfw-pkhw Aliases: CVE-2016-0737 GHSA-972c-cfv8-2hq8	OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.	2.10.2-1~deb9u1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4k1g-3b3h-1fbz Aliases: CVE-2017-8761 GHSA-8fxc-qm65-vpxg	Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.	2.19.1-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4wxz-pgew-5uc4 Aliases: CVE-2016-0738 GHSA-fxwr-2vxm-cg7p	OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.	2.10.2-1~deb9u1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cczb-m9jq-wbb2 Aliases: CVE-2015-1856 GHSA-cc77-5vw4-7pwg	OpenStack Swift Unauthorized delete of versioned Swift object OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.	2.10.2-1~deb9u1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qsxb-qjb1-mqfd Aliases: CVE-2022-47950 GHSA-274c-rx2j-2v3x	OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).	2.26.0-10+deb11u1 Affected by 0 other vulnerabilities.
VCID-yhkc-dkqq-x7fg Aliases: CVE-2015-5223 GHSA-q45h-chc8-hvp6	Exposure of Sensitive Information to an Unauthorized Actor OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.	2.10.2-1~deb9u1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1k44-tzfw-pkhw
Aliases:
CVE-2016-0737
GHSA-972c-cfv8-2hq8

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.

2.10.2-1~deb9u1~bpo8+1
Affected by 2 other vulnerabilities.

VCID-4k1g-3b3h-1fbz
Aliases:
CVE-2017-8761
GHSA-8fxc-qm65-vpxg

Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

2.19.1-1
Affected by 1 other vulnerability.

VCID-4wxz-pgew-5uc4
Aliases:
CVE-2016-0738
GHSA-fxwr-2vxm-cg7p

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

2.10.2-1~deb9u1~bpo8+1
Affected by 2 other vulnerabilities.

VCID-cczb-m9jq-wbb2
Aliases:
CVE-2015-1856
GHSA-cc77-5vw4-7pwg

OpenStack Swift Unauthorized delete of versioned Swift object OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

2.10.2-1~deb9u1~bpo8+1
Affected by 2 other vulnerabilities.

VCID-qsxb-qjb1-mqfd
Aliases:
CVE-2022-47950
GHSA-274c-rx2j-2v3x

OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

2.26.0-10+deb11u1
Affected by 0 other vulnerabilities.

VCID-yhkc-dkqq-x7fg
Aliases:
CVE-2015-5223
GHSA-q45h-chc8-hvp6

Exposure of Sensitive Information to an Unauthorized Actor OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

2.10.2-1~deb9u1~bpo8+1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:26:33.350616+00:00	Debian Oval Importer	Affected by	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:19:33.209578+00:00	Debian Oval Importer	Affected by	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:50:12.361359+00:00	Debian Oval Importer	Affected by	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:55:24.858410+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:54:19.783169+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:50:48.550486+00:00	Debian Oval Importer	Affected by	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:59:55.411491+00:00	Debian Oval Importer	Affected by	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:57:01.697681+00:00	Debian Oval Importer	Affected by	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:30:51.177342+00:00	Debian Oval Importer	Affected by	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:41:20.145720+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:41:01.848639+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:37:34.825772+00:00	Debian Oval Importer	Affected by	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:31:29.550362+00:00	Debian Oval Importer	Affected by	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:34:17.119196+00:00	Debian Oval Importer	Affected by	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:11:08.704833+00:00	Debian Oval Importer	Affected by	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:28:38.629980+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:31:34.488836+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:28:18.343212+00:00	Debian Oval Importer	Affected by	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0