55 matches found
Security Bulletin: Multiple vulnerabilities in VMware ESXi affect IBM Cloud Pak System
Summary Vulnerabilities identified in VMware ESXi bundled with Cloud Pak System. Cloud Pak Systen has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2022-28693 DESCRIPTION: Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by unprotect...
SUSE CVE-2020-8907
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...
Security Bulletin: Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Cloud Pak for Security CP4S is vulnerable to denial of service and arbitrary code execution CVE-2021-45105, CVE-2021-45046, through the use of Apache Log4j's JNDI logging feature in CP4S Risk Manager component and SOAR component using Elastic Search. The vulnerabilities have been addresse...
CVE-2020-8933 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within ...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.2.27 extras update
Red Hat OpenShift Container Platform release 4.2.27 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
OPENSUSE-SU-2019:2109-1 Security update for SDL_image
This update for SDLimage fixes the following issues: Update SDLImage to new snapshot 1.2.12+hg695. Security issues fixed: TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file boo1140421 TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the...
OPENSUSE-SU-2019:2071-1 Security update for SDL_image
This update for SDLimage fixes the following issues: Update SDLImage to new snapshot 1.2.12+hg695. Security issues fixed: TALOS-2019-0821 CVE-2019-5052: exploitable integer overflow vulnerability when loading a PCX file boo1140421 TALOS-2019-0841 CVE-2019-5057: code execution vulnerability in the...
RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2016:1605)
An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Security Bulletin: IBM Workload Deployer - Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on Linux machine
Summary Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on a Linux machine. This affects virtual machines deployed by IBM Workload Deployer using the IBM OS Image for RedHat Linux version 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4 and...
SUSE-SU-2017:2699-1 Security update for SLES 12 Docker image
The SUSE Linux Enterprise Server 12 container image has been updated to include security and stability fixes. The following issues related to building of the container images have been fixed: - Included krb5 package to avoid the inclusion of krb5-mini which gets selected as a dependency by the...
How to Update Machine Catalog to propagate changes applied to the Master Image
By following the steps provided in this article you will be able to apply changes to the Master Image and propagate those changes to the machines in the Machine Catalogs in question...
CVE-2017-12199
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogueupdateorder list-item, videoupdateorder video-item, imageupdateorder list-item, taggroupupdateorder listitem, categoryproductsupdateorder...
Cisco Desktop Collaboration Experience DX650 Command Injection Vulnerability
Cisco Desktop Collaboration Experience DX650 is a multifunctional endpoint from Cisco replacing Cius targeting the enterprise. The base system is Android. The Cisco Desktop Collaboration Experience DX650 suffers from a command injection vulnerability that allows an attacker to inject shell comman...
OpenStack Glance Denial of Service Vulnerability (CNVD-2015-01203)
Glance provides restful APIs to query the metadata of a virtual machine image, and can obtain the image. A denial of service vulnerability exists in OpenStack Glance, as the OpenStack Glance import task fails to update the image, allowing an attacker to exploit the vulnerability to crash the...
Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack
As is widely known by now the Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack. The Debian GNU/Linux 2.1 release for the Sun sparc architecture uses such a kernel. If you are using such a system and havent upgraded the kernel yourself, we...