43 matches found
EUVD-2014-4669
Malware in sbrugna...
EUVD-2015-0174
Malware in sbrugna...
EUVD-2015-0175
Malware in sbrugna...
EUVD-2015-2055
Malware in sbrugna...
EUVD-2014-4668
Malware in sbrugna...
EUVD-2015-2042
Malware in sbrugna...
EUVD-2014-3114
Malware in sbrugna...
Security Bulletin: Openstack Compute (Nova) noVNC proxy
Summary Fix OpenStack Nova allowing a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the noVNC component. By modifying untrusted URL input using multiple backslashes, an attacker could exploit this vulnerability to redirect a victim to arbitrary website...
Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543)
Summary An issue discovered in Openstack Nova can leak consoleauth tokens into log files which can be used by an attacker with access to service's log files to gain additional access in to the Openstack based deployment. Vulnerability Details CVEID: CVE-2015-9543 DESCRIPTION: OpenStack Nova could...
Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)
Summary OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configur...
Security Bulletin: PowerVC is impacted by an OpenStack Neutron denial of service vulnerability (CVE-2018-14635)
Summary Openstack Neutron is vulnerable to a denial of service, caused by improper validation of user-supplied input. By using specially-crafted content, a remote authenticated attacker could exploit this vulnerability to cause the application to crash. Vulnerability Details CVEID: CVE-2018-14635...
Security Bulletin: Ceilometer database access unrestricted in PowerVC (CVE-2015-1937)
Summary IBM PowerVC is using a ceilometer database that does not have authentication enabled. Vulnerability Details CVEID: CVE-2015-1937 DESCRIPTION: IBM PowerVC NoSQL database used by ceilometer is listening on the remote port and is configured to allow connections without any authentication. A...
Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)
Summary OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass. Vulnerability Details CVE-ID: CVE-2017-16239 Description: OpenStack Nova could allow a...
Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498)
Summary If an authenticated user deletes an instance while it is in resize state, it will cause the original instance to not be deleted from the compute node it was running on. An attacker can use this to launch a denial of service attack. All Nova setups are affected. Vulnerability Details CVEID...
Security Bulletin: IBM PowerVC is impacted by python oslo.middleware package information disclosure (CVE-2017-2592)
Summary IBM PowerVC may disclose some sensitive values in an error message. Vulnerability Details CVEID: CVE-2017-2592 DESCRIPTION: The OpenStack python oslo.middleware package could allow a local authenticated attacker to obtain sensitive information by including sensitive data in the CatchError...
Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)
Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...
Security Bulletin: IBM PowerVC is affected by vulnerability in OpenStack Nova (CVE-2017-7214)
Summary OpenStack Nova could allow an attacker to obtain sensitive information from logs. Vulnerability Details CVEID: CVE-2017-7214 DESCRIPTION: Legacy notification exception contexts appearing in OpenStack Nova's ERROR level logs may include sensitive information such as account passwords and...
Security Bulletin: IBM PowerVC - Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995)
Summary IBM PowerVC is impacted by Local escalation of privilege vulnerability in DB2 for Linux CVE-2016-5995 Vulnerability Details CVE-ID: CVE-2016-5995 Description: DB2 for Linux, Unix and Windows is vulnerable to a privilege escalation due to code being built with binaries with libraries in...
Security Bulletin: IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548)
Summary IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerailities CVE-2015-1850, CVE-2015-7548 Vulnerability Details CVEID: CVE-2015-1850 DESCRIPTION: OpenStack Nova could allow a local attacker to obtain sensitive information, caused by the failure to provide input format t...
Authentication flaw
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code...