Lucene search

6326 matches found

RedHat Linux
added 2015/04/16 1:53 p.m. | 28 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and adds one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...

10 CVSS | 5.8 AI score | 0.05216 EPSS
Exploits 0 | References 4
RedHat Linux
added 2015/04/16 1:28 p.m. | 2 views

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

10 CVSS | 5.8 AI score | 0.05216 EPSS
Exploits 0 | References 4
CNVD
added 2015/04/13 12:0 a.m. | 6 views

Red Hat openstack-puppet-modules trust management vulnerability

Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet a configuration management tool based on a client/server architecture capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...

10 CVSS | 7.4 AI score | 0.05216 EPSS
Exploits 0 | References 1
NVD
added 2015/04/10 3:0 p.m. | 55 views

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10 CVSS | 7.7 AI score | 0.05216 EPSS
Exploits 0 | References 7
Prion
added 2015/04/10 3:0 p.m. | 17 views

Default credentials

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10 CVSS | 8.2 AI score | 0.05216 EPSS
Exploits 0 | References 7 | Affected Software 1
CVE
added 2015/04/10 2:0 p.m. | 82 views

CVE-2015-1842

CVE-2015-1842 relates to Red Hat OpenStack modules where the puppet manifests in the openstack-puppet-modules package were configured with a known default password for the pcsd daemon (CHANGEME). If this password is not changed and an attacker can access pcsd remotely, they could execute arbitrar...

10 CVSS | 7.8 AI score | 0.05216 EPSS
Exploits 0 | References 7 | Affected Software 1
Positive Technologies
added 2015/04/10 12:0 a.m. | 3 views

PT-2015-1274 · Openstack · Openstack Puppet Module

Name of the Vulnerable Software and Affected Versions: openstack-puppet-modules versions prior to 2014.2.13-2 Description: The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary she...

10 CVSS | 7.1 AI score | 0.05216 EPSS
Exploits 0 | References 10
RedHat Linux
added 2015/04/07 3:8 p.m. | 30 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

10 CVSS | 5.9 AI score | 0.05216 EPSS
Exploits 0 | References 29
Packet Storm
added 2015/04/07 12:0 a.m. | 21 views

Balero CMS 0.7.2 SQL Injection

Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities Vendor: BaleroCMS Software Product web page: http://www.balerocms.com Affected version: 0.7.2 Summary: Balero CMS is an open source project that can help you manage the page of your company with just a few guided steps, minimizing the...

0.1 AI score
Exploits 0
Tenable Nessus
added 2015/03/30 12:0 a.m. | 25 views

GLSA-201503-13 : BusyBox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201503-13 BusyBox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker can load kernel modules...

8.8 CVSS | 7 AI score | 0.05315 EPSS
Exploits 3 | References 3
Tenable Nessus
added 2015/03/26 12:0 a.m. | 54 views

Scientific Linux Security Update : kernel on SL7.x x86_64 (20150305)

A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. CVE-2015-0274, Important It was found that...

7.8 CVSS | 6.6 AI score | 0.05489 EPSS
Exploits 3 | References 12
Tenable Nessus
added 2015/03/26 12:0 a.m. | 33 views

Scientific Linux Security Update : ipa on SL7.x x86_64 (20150305)

Two cross-site scripting XSS flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. CVE-2010-5312, CVE-2012-6662 Note: The IdM version provided by this update...

6.1 CVSS | 6.6 AI score | 0.18351 EPSS
Exploits 1 | References 3
OpenVAS
added 2015/03/25 12:0 a.m. | 48 views

Ubuntu: Security Advisory (USN-2546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.4 AI score | 0.09897 EPSS
Exploits 1 | References 2
securityvulns
added 2015/03/21 12:0 a.m. | 39 views

Source code disclosure of Websense Triton JSP files via double quote character

Source code disclosure of Websense Triton JSP files via double quote character. Han Sahin, September 2014...

1.9 AI score
Exploits 0
Packet Storm
added 2015/03/19 12:0 a.m. | 26 views

Websense Triton Source Code Disclosure

Source code disclosure of Websense Triton JSP files via double quote character. Han Sahin, September 2014...

7.4 AI score
Exploits 0
Tenable Nessus
added 2015/03/19 12:0 a.m. | 280 views

Mandriva Linux Security Advisory : kernel (MDVSA-2015:057)

Multiple vulnerabilities has been found and corrected in the Linux kernel : The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a parenthesized module template expression in the salgname field, as...

5 CVSS | 6.8 AI score | 0.05489 EPSS
Exploits 1 | References 3
Cent OS
added 2015/03/17 1:28 p.m. | 68 views

ipa security update

CentOS Errata and Security Advisory CESA-2015:0442 Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabilit...

6.1 CVSS | 6.5 AI score | 0.18351 EPSS
Exploits 1 | References 7
Tenable Nessus
added 2015/03/13 12:0 a.m. | 43 views

Oracle Linux 7 : ipa (ELSA-2015-0442)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0442 advisory. - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges 1165774 - CVE-2014-7828 freeipa: password not required when OTP in use 1160877...

6.1 CVSS | 6.6 AI score | 0.18351 EPSS
Exploits 1 | References 3
OpenVAS
added 2015/03/06 12:0 a.m. | 32 views

RedHat Update for ipa RHSA-2015:0442-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 6.8 AI score | 0.18351 EPSS
Exploits 1 | References 2
RedHat Linux
added 2015/03/05 9:50 a.m. | 53 views

Moderate: Red Hat Security Advisory: ipa security, bug fix, and enhancement update

Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

6.1 CVSS | 6.5 AI score | 0.18351 EPSS
Exploits 1 | References 149