RHEL 7 : instack-undercloud (RHSA-2017:2557)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2557 advisory. instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud using python-instack. Security...

PT-2022-19250 · Zoho · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions prior to 6122 Description: The issue allows a remote authenticated administrator to execute arbitrary operating system commands as SYSTEM via the policy custom script feature. This can be exploite...

Security Bulletin: IBM DataPower Gateway has released a fixpack in response to the vulnerability known as Spectre.

Summary IBM has released the following fixpack for IBM DataPower Gateways in response to CVE-2017-5753. Vulnerability Details CVEID: CVE-2017-5753 Affected Products and Versions IBM DataPower Gateways appliances, versions 7.1.0.0-7.1.0.21, 7.2.0.0-7.2.0.18, 7.5.0.0-7.5.0.12, 7.5.1.0-7.5.1.11,...

CVE-2017-7549

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...