CVE-2017-4969

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...

CVE-2017-4969

The CVE-2017-4969 issue affects the Cloud Foundry cf-release Cloud Controller (pre-v255). A design/logic flaw allows authenticated developer users to exceed a task’s memory and disk quotas, enabling overconsumption relative to configured quotas. Impact is described as a quota-exceeding condition ...

CVE-2017-4969: Bug in CC allows users to exceed quotas | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v255 Description The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks. Mitigation OSS users are strongly encouraged to follow one of the...

CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log...

CVE-2016-9882

CVE-2016-9882 affects Cloud Foundry cf-release before v250 and CAPI-release before v1.12.0. The issue is that Cloud Foundry logs credentials returned from service brokers in Cloud Controller system component logs; these logs are written to disk and often forwarded to log aggregators via syslog. T...

Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

CVE-2013-4769

The cloud controller aka CLC component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service traffic amplification via spoofed DNS queries...

Spoofing

The cloud controller aka CLC component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service traffic amplification via spoofed DNS queries...

CVE-2013-4769

The cloud controller aka CLC component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service traffic amplification via spoofed DNS queries...

CVE-2013-4769

The CVE affects the Cloud Controller (CLC) component of Eucalyptus in releases 3.3.x and 3.4.x prior to 3.4.2. When the dns.recursive.enabled setting is active, remote attackers can trigger a denial of service via traffic amplification by sending spoofed DNS queries. The impact is a partial avail...

CVE-2013-4769

The cloud controller aka CLC component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service traffic amplification via spoofed DNS queries...

CVE-2013-4768

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and 1 Cloud Controller CLC, 2 Walrus, 3 Storage Controller SC, and 4 VMware Broker VB...

Code injection

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and 1 Cloud Controller CLC, 2 Walrus, 3 Storage Controller SC, and 4 VMware Broker VB...

CVE-2013-4768

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and 1 Cloud Controller CLC, 2 Walrus, 3 Storage Controller SC, and 4 VMware Broker VB...

CVE-2013-4768

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and 1 Cloud Controller CLC, 2 Walrus, 3 Storage Controller SC, and 4 VMware Broker VB...

[SECURITY] Fedora 18 Update: eucalyptus-3.2.2-1.fc18

Eucalyptus is a service overlay that implements elastic computing using existing resources. The goal of Eucalyptus is to allow sites with existing clusters and server infrastructure to co-host an elastic computing service that is interface-compatible with Amazon AWS. This package contains the...

OpenStack Nova安全绕过漏洞

BUGTRAQ ID: 61637 CVECAN ID: CVE-2013-2256 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分。 Nova 存在安全措施绕过漏洞，攻击者可利用此漏洞绕过某些安全限制，然后执行未授权操作。 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

CVE-2012-4065

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a 1 Cloud Controller or 2 Walrus service via a crafted message, as demonstrated by...

Design/Logic Flaw

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to 1 Cloud Controller or 2 Walrus with the internal message format and a modified user id...

Authorization

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a 1 Cloud Controller or 2 Walrus service via a crafted message, as demonstrated by...