Important: Red Hat Security Advisory: rhosp-director-images security and bug fix update

Updated deployment images are now available for Red Hat OpenStack Platform 8.0 Liberty director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2016-4474

An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default...

CVE-2016-3738

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...

The vulnerability of the Kubernetes cluster management software allows a hacker to increase their privileges.

The vulnerability of the software interface of the Kubernetes cluster management server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges by modifying system configuration during the system build process...

RedHat Update for util-linux RHSA-2012:0307-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact...

CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact...

Default configuration

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact...

CVE-2010-2276

CVE-2010-2276 affects Dojo where the default build-process configuration uses copyTests=true and mini=false, enabling remote attackers to cause an unspecified impact via requests to test or demo components. Affected Dojo lines: 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x bef...

CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact...

CVE-2010-2276

The default configuration of the build process in Dojo 0.4.x before 0.4.4, 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 has the copyTests=true and mini=false options, which makes it easier for remote attackers to have an unspecified impact...

FreeBSD : dojo -- XSS and other vulnerabilities (805603a1-3e7a-11df-a5a1-0050568452ac)

The Dojo Toolkit team reports : Some PHP files did not properly escape input. Some files could operate like 'open redirects'. A bad actor could form an URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a mor...

Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution

Summary Product : Vim -- Vi IMproved Versions : 5.0--current, possibly older; 4.6 and 3.0 not vulnerable Impact : Arbitrary code execution Wherefrom: Local Original : http://www.rdancer.org/vulnerablevim-configure.in.html http://www.rdancer.org/vulnerablevim-configure.in.patch Insecure temporary...

Design/Logic Flaw

The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions...

DEBIAN-CVE-2004-0256

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp...