14 matches found
EUVD-2020-0053
Malware in sbrugna...
blazar-dashboard (=1.2.0), freezer-web-ui (=7.0.0.0b1) +3 more potentially affected by CVE-2020-29565 via horizon (=17.1.0)
horizon PYPI version =17.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - blazar-dashboard =1.2.0 - freezer-web-ui =7.0.0.0b1 - monasca-ui =1.13.0 - sahara-dashboard =9.0.0.0b3, =2.4.0, =3.0.1 Source cves: CVE-2020-295...
blazar-dashboard (=1.2.0), freezer-web-ui (=7.0.0.0b1) +3 more potentially affected by CVE-2020-29565 via horizon (=17.1.0)
horizon PYPI version =17.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - blazar-dashboard =1.2.0 - freezer-web-ui =7.0.0.0b1 - monasca-ui =1.13.0 - sahara-dashboard =9.0.0.0b3, =2.4.0, =3.0.1 Source cves: CVE-2020-295...
GHSA-939M-4XPW-V34V Arbitrary Code Execution in blazar-dashboard
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
Arbitrary Code Execution in blazar-dashboard
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
Arbitrary Code Execution
blazar-dashboard is vulnerable to arbitrary code execution. An insecure usage of the eval function allows a user to execute arbitrary code on the Horizon host...
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
PYSEC-2020-225
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
Design/Logic Flaw
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
PYSEC-2020-225
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
CVE-2020-26943
OpenStack blazar-dashboard (before 1.3.1, 2.0.0, and 3.0.0) exposes a Python eval-based vulnerability that can trigger code execution on the Horizon host when a user with access to the Blazar dashboard operates within Horizon. This may result in Horizon host unauthorized access and further compro...
blazar-dashboard (=1.2.0), freezer-web-ui (=7.0.0.0b1) +3 more potentially affected by CVE-2012-3540 via horizon (=17.1.0)
horizon PYPI version =17.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - blazar-dashboard =1.2.0 - freezer-web-ui =7.0.0.0b1 - monasca-ui =1.13.0 - sahara-dashboard =9.0.0.0b3, =2.4.0, =3.0.1 Source cves: CVE-2012-354...