KVM virtualization new Vulnerability, CVE-2 0 1 5-6 8 1 5 Technical Analysis-vulnerability warning-the black bar safety net

0x00 Preface Cloud computing service has now touched multiple industries, whether it is cloud storage, cloud music and other life can be seen everywhere in business, even banking and Finance, payment information and other services and the cloud are closely related. As a cloud service based, the...

Moderate: Red Hat Security Advisory: openshift security update

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: node.js security update

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Elasticsearch Arbitrary Code Execution Vulnerability

Elasticsearch is a set of open source distributed RESTful search engine built on Lucene , it is mainly used in cloud computing , and supports data indexing via HTTP using JSON . A security vulnerability exists in Elasticsearch that allows a remote attacker to submit a special request to execute...

Debian DSA-3292-1 : cinder - security update

Bastian Blank from credativ discovered that cinder, a storage-as-a-service system for the OpenStack cloud computing suite, contained a bug that would allow an authenticated user to read any file from the cinder server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Debian: Security Advisory (DSA-3292-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Catastrophic vulnerability: Venom threat most of the data center-vulnerability warning-the black bar safety net

A security research firm alert, referring to a new Bug could allow a hacker from the inside of the ride unscathed in the data center solve most of the machine. The zero-day vulnerability from the extensive application virtualization software of the traditional General-purpose component that can b...

IBM Watson XSS / Open Redirect

Vulnerability type: Cross-site Scripting & Redirect Vendor: www.ibm.com Product: IBM Watson Cloud Computing SaaS Cognea Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/ Credit: Jerold Hoong The logout.jsp page function of the IBM Watson Cognea SaaS application is vulnerable to...

Watcher v1.5.8 - Web Security Testing Tool and Passive Vulnerability Scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

[SE-2014-02] Google App Engine Java security sandbox bypasses (details)

Hello All, Details of our SE-2014-02 project have been released to the public. A technical writeup and accompanying Proof of Concept codes can be found at the following location: http://www.security-explorations.com/en/SE-2014-02-details.html In case of Google App Engine for Java, its first layer...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update

Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and add one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2 Release Advisory

Red Hat OpenShift Enterprise release 2.2, which fixes a security issue, several bugs and includes various enhancements, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

NIST Publishes Draft Hypervisor Security Guide

NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...

the elasticsearch exploit tool kit-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene to build the open source, distributed, RESTful search engine. Designed for cloud computing, it is possible to achieve real-time search, stable, reliable, fast, install easy to use. Support through HTTP using the JSON data index. ! Please do not used for illegal...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

Important: Red Hat Bug Fix Advisory: Red Hat OpenShift Enterprise 2.1 Release Advisory

Red Hat OpenShift Enterprise release 2.1, which fixes several bugs and includes various enhancements, is now available. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The OpenShift Enterpri...

Eucalyptus Web Services拒绝服务漏洞

CVE ID:CVE-2013-4768 Eucalyptus是一款开源的软件基础结构，用来通过计算集群或工作站群实现弹性的、实用的云计算。 Eucalyptus web services网络清理代码存在错误，允许攻击者利用漏洞提交特殊的请求进行拒绝服务攻击。 0 Eucalyptus 3.x Eucalyptus 3.4.2版本已修复该漏洞，建议用户下载使用： https://www.eucalyptus.com...

OpenStack Nova RBAC安全绕过漏洞

Bugtraq ID:65753 CVE ID:CVE-2014-0167 OpenStack是由Rackspace和NASA共同开发的云计算平台，帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。OpenStack Nova提供虚拟计算服务。 OpenStack Nova EC2 API安全组实现存在安全漏洞，如addrules, removerules 和destroy方法，受限用户可使用EC2 API绕过限制对安全组进行未授权操作。 0 OpenStack Nova 2013.1 - 2013.2.3 用户可参考如下厂商提供的安全补丁以修复该漏洞：...