628 matches found
openstack-nova: Unprivileged API user can access host data using instance snapshot
A flaw was discovered in the OpenStack Compute nova snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...
openstack-cinder: Cinder-volume host data leak to virtual machine instance
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
openstack-cinder: Cinder-volume host data leak to virtual machine instance
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
GLSA-201407-03 : Xen: Multiple Vunlerabilities
The remote host is affected by the vulnerability described in GLSA-201407-03 Xen: Multiple Vunlerabilities Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can utilize multiple vectors to execute...
DEBIAN-CVE-2014-4044
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service uninitialized memory access and crash via unspecified vectors related to TMAY requests...
A Problem of CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software
Overview Host Data Collector bundled with Hitachi Device Manager Software contains a problem of CPU consumption. Impact When Host Data Collector receives a malicious unexpected request, a process of Host Data Collector might consume CPU resources. Solution Please refer to the 'Vendor Information'...
CVE-2009-5117
The Web Post Protection feature in McAfee Host Data Loss Prevention DLP 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files...
CVE-2009-5117
The CVE-2009-5117 entry concerns McAfee Host Data Loss Prevention (DLP) with its Web Post Protection feature. Versions 3.x prior to 3.0.100.10 and 9.x prior to 9.0.0.422, when HTTP Capture mode is enabled, may let local users obtain sensitive information from web traffic by reading unspecified fi...