7759 matches found
OpenStack Security Bypass Vulnerabilities
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration in collaboration with Rackspace, U.S.A. OpenStack Ocata and Newton are two of its versions. Aodh is one of its alerting function modules. OpenStack Ocata an...
Debian DSA-3953-1 : aodh - security update
Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated us...
Huawei FusionSphere OpenStack Command Injection Vulnerability
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...
Huawei FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-30062)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...
OpenStack Neutron Information Disclosure Vulnerability
OpenStack is a cloud platform management project. Neutron is one of its networking components; it provides network-as-a-service, enabling the creation of networks between OpenStack services, the connection of network devices into the mesh, and more. A remote information disclosure vulnerability exists i...
[SECURITY] [DSA 3953-1] aodh security update
Debian Security Advisory DSA-3953-1 (https://www.debian.org/security/), Luciano Bello, August 23, 2017. FAQ: https://www.debian.org/security/faq ...
CVE-2016-2102
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network...
Design/Logic Flaw
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network...
CVE-2016-2102
Removed by vendor...
CVE-2016-2102
HAProxy in openstack-tripleo-image-elements is exposed via non-authenticated statistics over the network (CVE-2016-2102). Connected sources reference haproxy-related vulnerabilities affecting the package, and a Red Hat bug entry (1311145) is linked. The provided connected documents do not include...
Code injection
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...
CVE-2017-12440
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...
UBUNTU-CVE-2017-12440
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...
DEBIAN-CVE-2017-12440
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...