EUVD-2022-2957

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-7404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL...

SUSE CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py. component...

GHSA-JX7X-9R98-H5XR OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py. component...

CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py. component...

CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py. component...

SUSE CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

UBUNTU-CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

Design/Logic Flaw

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

OpenStack Magnum Security Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Magnum is a container resource management component. A security bypass vulnerability exists in OpenStack Magnum. An attacker could use this vulnerability to bypass...

CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

SUSE-SU-2017:1233-1 Security update for openstack-magnum

This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account bsc998182. Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against...

Unauthorized Read Access

openstack-magnum is vulnerable to unauthorized read access. The vulnerability exists as the permissions for /etc/sysconfig/heat-params in openstack-magnum was 0644, which gave read access to non-root users...