Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2 Release Advisory

Red Hat OpenShift Enterprise release 2.2, which fixes a security issue, several bugs and includes various enhancements, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

openstack-nova: Nova VMware driver may connect VNC to another tenant's console

A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware...

Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

NIST Publishes Draft Hypervisor Security Guide

NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...

Moab Authentication Bypass [CVE-2014-5300]

Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computing Vendor Response: Resolved in Moa...

RHEL 6 : trousers (RHSA-2014:1507)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1507 advisory. TrouSerS is an implementation of the Trusted Computing Group's Software Stack TSS specification. You can use TrouSerS to write applications that make...

Moab < 7.2.9 - Authorization Bypass

No description provided by source. Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computi...

CVE-2014-5300

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature...

CVE-2014-5375

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags...

CVE-2014-5376

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message...

Authorization

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature...

Code injection

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message...

Code injection

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags...

CVE-2014-5375

CVE-2014-5375 affects Adaptive Computing Moab workload manager. It occurs when the Moab server does not properly validate that the message owner matches the submitting user, permitting remote authenticated users to impersonate arbitrary users via the and fields. Affected: Moab prior to 7.2.9 an...

CVE-2014-5300

The CVE-2014-5300 flaw affects Adaptive Computing Moab prior to 7.2.9 and Moab 8 prior to 8.0.0, where authentication can be bypassed by a message without a valid , allowing impersonation of arbitrary users and remote command execution. Root cause: the Moab server does not properly authenticate r...

CVE-2014-5375

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags...

CVE-2014-5376

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message...

CVE-2014-5376

Moab Authentication Bypass (CVE-2014-5376): Moab before 7.2.9 and 8 before 8.0.0 can sign messages with a pre-generated key, bypassing validation that the signing user matches the actor in the message. This allows remote authenticated users to impersonate arbitrary users via the actor field, enab...

CVE-2014-5300

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature...

Moab 7.2.9 - Authentication Bypass

Moab 7.2.9 - Authentication Bypass Moab Authentication Bypass : CVE-2014-5300 Software: Moab Affected Versions: All versions prior to Moab 7.2.9 and Moab 8 CVE Reference: CVE-2014-5300 Author: John Fitzpatrick, MWR Labs http://labs.mwrinfosecurity.com/ Severity: High Risk Vendor: Adaptive Computi...