EUVD-2022-3123

Malicious code in bioql PyPI...

SUSE CVE-2017-12440

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

Red Hat OpenStack Platform Unauthorized Modification Vulnerability

Red Hat OpenStack Platform is a suite of platforms from Red Hat, Inc. that provide the core of next-generation IaaS Infrastructure-as-a-Service for private, public, and hybrid clouds.Pike, Newton, and Oacta are among the various version numbers. instack-undercloud is one of the... tools used to...

Design/Logic Flaw

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

CVE-2017-12440

OpenStack Aodh (Ocata/Newton releases prior to change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and Pike-rc1) contains a verification flaw where trust IDs used in HTTP alarm actions (scheme trust+http) are not verified as belonging to the user. This allows remote authenticated users who know a...

CVE-2017-12440

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...