CVE-2019-13416
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled: authenticated users are always authorized on the local cluster, ignoring their roles on the remote clusters...
Fedora Update for slurm FEDORA-2019-4ca3a39825
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora Update for slurm FEDORA-2019-5d0d2619df
The remote host is missing an update for the...
Security Bulletin: In IBM Cloud Private on OpenShift icp-scc SecurityContextContraints is erroneously assigned to all pods in all namespaces
Summary: In IBM Cloud Private on OpenShift icp-scc SecurityContextContraints is erroneously assigned to all pods in all namespaces. Vulnerability Details: CVEID: CVE-2019-4415. DESCRIPTION: IBM Cloud Private could allow a local user to obtain elevated privileges due to improper security context...
CVE-2019-12494
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked...
Fedora Update for slurm FEDORA-2019-e66b1889ec
The remote host is missing an update for the...
CVE-2019-3779
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that use the same CA (Certificate Authority) to sign and trust certs for ETCD as is used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the...
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary: Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...
[SECURITY] Fedora 29 Update: docker-1.13.1-65.git1185cfd.fc29
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
[SECURITY] Fedora 28 Update: hadoop-2.7.7-1.fc28
Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage...
RHEL 7 : atomic-openshift-utils (RHSA-2016:2778)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2778 advisory. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud...
GHSA-83R3-C79W-F6WC High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...
CVE-2018-3829
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to...
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...
FreeBSD : FreeBSD -- Resource exhaustion in IP fragment reassembly (359e1548-a652-11e8-805b-a4badb2f4699)
A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attack...
Red Hat keycloak infinite loop vulnerability
Red Hat keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An infinite loop vulnerability exists in session replacement in Red Hat Keycloak versions prior to 4.0.0.final, which stems from the failure of...
[SECURITY] Fedora 28 Update: hadoop-2.7.6-4.fc28
Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7456)
Summary: A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 thru 4.1.1.3 and V4.2.0.0 that could allow a local unprivileged user, or a user with network access to the IBM Spectrum Scale cluster, to access admin passwords for object storage infrastructur...
[SECURITY] Fedora 27 Update: slurm-17.02.11-1.fc27
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for large and small Linux clusters...
[SECURITY] Fedora 28 Update: slurm-17.11.7-1.fc28
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...