682 matches found
ClusterLabs Hawk Security Vulnerability
ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.5 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.1.5 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Apache Ambari Arbitrary File Download Vulnerability
Apache Ambari is a web-based tool that supports provisioning, management and monitoring of Apache Hadoop clusters. An arbitrary file download vulnerability exists in Apache Ambari 2.6.2.2 and earlier versions. An attacker can exploit this vulnerability by constructing filenames to traverse other...
USN-4789-1: Apache ZooKeeper vulnerabilities
It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. (CVE-2016-5017) It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update
Red Hat Advanced Cluster Management for Kubernetes 2.0.8 General Availability release, which fixes bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
HPE Apollo 70 Buffer Overflow Vulnerability (CNVD-2021-10580)
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so webgetactivexcfg function in the Baseboard Management Controller (BMC) firmware in HPE Apollo 70...
HPE Apollo 70 Buffer Overflow Vulnerability (CNVD-2021-10576)
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so websetremoteimageinfo function in the Baseboard Management Controller (BMC) firmware in HPE Apollo 70...
HPE Apollo 70 Command Injection Vulnerability (CNVD-2021-10577)
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A command injection vulnerability exists in the libifc.so websetdefaultlangcfg function in the Baseboard Management Controller (BMC) firmware in HPE Apollo 70...
HPE Apollo 70 Buffer Overflow Vulnerability
The HPE Apollo 70 system is an Arm-based platform that delivers the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so uploadsshkey function in the Baseboard Management Controller (BMC) firmware in HPE Apollo 70 versions...
HPE Apollo 70 Buffer Overflow Vulnerability (CNVD-2021-10581)
The HPE Apollo 70 system is an Arm-based platform that delivers the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so webgetactivexcfg function in the Baseboard Management Controller (BMC) firmware in HPE Apollo 70...
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2018-1002102)
Summary: Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that allows a compromised node to redirect API server requests from streaming endpoints to arbitrary hosts (CVE-2018-1002102). Vulnerability Details: CVEID: CVE-2018-1002102 Description: Improp...
Fedora 32 : golang-github-containernetworking-plugins (2021-ccb8a9c403)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-ccb8a9c403 advisory. - A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes...
CVE-2020-8564 Docker config secrets leaked when file is malformed and loglevel >= 4
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
Cross-Site Scripting (XSS)
pcs:stretch is vulnerable to cross-site scripting. Improper validation of the Node name field allows attackers to inject and execute arbitrary JavaScript when creating or adding existing clusters...
[SECURITY] Fedora 33 Update: slurm-20.02.6-1.fc33
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
[SECURITY] Fedora 32 Update: pacemaker-2.0.5-0.7.rc3.fc32
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
[SECURITY] Fedora 32 Update: slurm-19.05.8-1.fc32
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...