Security Bulletin: IBM SmartCloud Orchestrator - Nova compute DoS through ephemeral disk backing files (CVE-2013-6437)
Summary By repeatedly creating snapshots, changing the ostype to a new random value, and spawning new instances from the snapshot and quickly deleting those instances, an authenticated user might generate lots of different ephemeral disk backing files. These files then fill up compute node disks,...
Design/Logic Flaw
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users...
CVE-2018-1085
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users...
Security Bulletin: Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)
Summary Apache Commons Fileupload vulnerability affects WebSphere Application Server and WebSphere Application Server Hypervisor Edition. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...
RHEL 6 : eap6-jboss-ec2-eap (RHSA-2018:1451)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1451 advisory. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS Elastic...
Wallarm Node — now as a Google Cloud image
Today we’re excited to announce native availability of Wallarm Node image for Google Cloud Platform GCP. Many Wallarm customers and prospects use Google Cloud for its high-performance, scalable infrastructure with excellent price/performance. The ability to customize machine types to customer...
Remote code execution
A remote code execution vulnerability exists when the Windows Host Compute Service Shim hcsshim library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute...
CVE-2018-8115
A remote code execution vulnerability exists when the Windows Host Compute Service Shim hcsshim library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute...
CVE-2018-8115
CVE-2018-8115 affects the Windows Host Compute Service Shim (hcsshim) library. A remote code execution flaw exists because hcsshim fails to properly validate input when importing a container image, enabling an authenticated administrator to cause arbitrary code execution on the Windows host via a...
Windows Host Compute Service Shim Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Host Compute Service Shim hcsshim library fails to properly validate input while importing a container image. To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an...
KLA11239 ACE vulnerability in Windows Host Compute Service Shim
A remote code execution vulnerability was found in Windows Host Compute Service Shim. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially crafted image container. Original advisories CVE-2018-8115 Exploitation...
DoS Vulnerability in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager
Overview A DoS Vulnerability was found in JP1/ServerConductor/Deployment Manager and Hitachi Compute Systems Manager Deployment Manager Plug-in. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...
Default credentials
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource...
CVE-2018-1097
CVE-2018-1097 affects Foreman prior to 1.16.1. The vulnerability allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the credentials (username and password) used to connect to the compute resource. Exploitation details are not provided in the connected docume...
Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found
Intel said Tuesday it was putting the kibosh on a popular Android and iOS app called Intel Remote Keyboard after researchers discovered that local attackers can inject keystrokes into a remote keyboard session when in use. The Intel Remote Keyboard product is an Android and iOS app that works in...
PT-2018-10214 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: foreman versions prior to 1.16.1 Description: A flaw was found in the software that allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource...
Important: Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.1.1
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impa...
Moderate: Red Hat Security Advisory: openstack-nova and python-novaclient security, bug fix, and enhancement update
An update for openstack-nova and python-novaclient is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...