openstack-nova: Nova instance migration process does not stop when instance is deleted
A denial of service flaw was found in the OpenStack Compute nova instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an...
Moderate: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
change fontset 'icons' to html entities to improve security compliance
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-38988. It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...
change fontset 'icons' to html entities to improve security compliance
It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organizations, especially banks, that have strict security constraints: the fontset cannot be downloaded and, as a result, the icons will not render on the customer instance. I would recommend that we change the current...
CVE-2015-5158
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block...
WordPress wp-instance-rename 'mysqldump_download.php' plugin arbitrary file download vulnerability
WordPress is a blogging platform developed in PHP that supports personal blog sites on servers running PHP and MySQL. The WordPress wp-instance-rename 'mysqldump_download.php' plugin has an arbitrary file download vulnerability due to the program failing to adequately filter...
UBUNTU-CVE-2015-1266
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...
wp-instance-rename <= 1.0 - Arbitrary File Download
The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. curl --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldump_download.php -o p.zip...
wp-instance-rename <= 1.0 - Arbitrary File Download
The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. PoC: curl --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldump_download.php -o p.zip...
VM users please note: the Venom vulnerability is riskier than Heartbleed - vulnerability warning - the black bar safety net
Data centers mostly use a host hypervisor to isolate a single server so that it can run multiple virtual machine instances. In this underlying structure, however, a flaw has been found that has been present for 10 years in a long-neglected part of the virtual environment, in t...
Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory
Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly...
Oracle E-Business Suite suffers from a remote vulnerability (CNVD-2015-02471)
Oracle E-Business Suite is a new generation of e-business suite from Oracle. A remote security vulnerability exists in Oracle E-Business Suite. An attacker is allowed to exploit this vulnerability to compromise the 'Create Item Instance' subcomponent in the 'HTTP' protocol...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance...
CVE-2015-2565
Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance...
openstack-nova: Nova VMware instance in resize state may leak
A flaw was found in the OpenStack Compute nova VMware driver, which could allow an authenticated user to delete an instance while it was in the resize state, causing the instance to remain on the back end. A malicious user could use this flaw to cause a denial of service by exhausting all availab...
Ericsson Drutt Mobile Service Delivery Platform Directory Traversal Vulnerability
Ericsson Drutt Mobile Service Delivery Platform (MSDP) is a business support system from Ericsson, Sweden, that supports Service Delivery Platforms (SDPs) for on-site and off-portal services. A directory traversal vulnerability exists in Instance Monitor in Ericsson Drutt MSDP. A remote attacker coul...
CVE-2015-2166
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI...
CVE-2015-2166
Ericsson Drutt Mobile Service Delivery Platform (MSDP) has a Local File Inclusion vulnerability in the Instance Monitor affecting versions 4–6. The flaw lets remote attackers read arbitrary files via a dot-dot-encoded slash (..%2f) in the default URI, enabling information disclosure. Root cause i...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
ipa security, bug fix, and enhancement update
4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...