Red Hat OpenStack Platform Unauthorized Modification Vulnerability
Red Hat OpenStack Platform is a suite of platforms from Red Hat, Inc. that provide the core of next-generation Infrastructure-as-a-Service (IaaS) for private, public, and hybrid clouds. Pike, Newton, and Ocata are among the various version numbers. instack-undercloud is one of the... tools used to...
PYSEC-2017-152
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
CVE-2017-7549
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
Design/Logic Flaw
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
CVE-2017-7549
The CVE-2017-7549 issue affects instack-undercloud components in Red Hat OpenStack Platform: 7.2.0 (Pike), 6.1.0 (Ocata), and 5.3.0 (Newton). The root cause is insecure temporary files used by pre-install and security policy scripts, enabling a local user to perform a symbolic-link attack and ove...
Huawei FusionSphere OpenStack Information Disclosure Vulnerability (CNVD-2017-34443)
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...
Security Advisory - Information Exposure Vulnerability on FusionSphere OpenStack
There is an information exposure vulnerability on FusionSphere OpenStack. The software uses a hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...
CVE-2017-12155
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...
Huawei FusionSphere OpenStack Information Disclosure Vulnerability
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...
Moderate: Red Hat Security Advisory: instack-undercloud security, bug fix, and enhancement update
An update for instack-undercloud is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security Advisory - Sensitive Information Disclosure Vulnerability on FusionSphere OpenStack
There is a sensitive information disclosure vulnerability on FusionSphere OpenStack. The software stores some sensitive information with insufficient access control. An unauthenticated remote attacker could get sensitive information by accessing certain ports. Vulnerability ID: HWPSIRT-2017-06223...
Huawei FusionSphere Authorization Issues Vulnerability
Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from an authorization issue vulnerability, which can be exploited by an attacker to execute arbitrary commands, which in turn can query, modify, an...
Huawei FusionSphere SQL Injection Vulnerability
Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from a SQL injection vulnerability due to the program failing to adequately validate device input. An authenticated remote attacker can exploit thi...
Moderate: Red Hat Security Advisory: instack-undercloud security update
An update for instack-undercloud is now available for Red Hat OpenStack Platform 8.0 (Liberty) director. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
Moderate: Red Hat Security Advisory: instack-undercloud security update
An update for instack-undercloud is now available for Red Hat Enterprise Linux OpenStack Platform director 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: instack-undercloud security, bug fix, and enhancement update
An update for instack-undercloud is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Syntribos: An Open Source API Security Testing Tool
PenTestIT RSS Feed: Web application security testing is a multi-faceted and yet important domain today. A few years ago, it was only the front end security tests and then came the backend. As newer endpoints are being exposed, it becomes imperative to test their security too. Syntribos is one suc...
CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record s...