1891 matches found
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application, such as the contents of the webapp directory in Confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
Where can I download the MIB files for Monitoring CloudBridge Linux-based appliances?
QUESTION: Where can I download the MIB files for Monitoring CloudBridge Linux-based appliances? ANSWER: - On version 7.4.x and later, you can download the MIB files from Configuration Appliance Settings SNMP - On versions prior to 7.4.x, you can download the MIB files from CloudBridge Configuration...
CVE-2015-3280
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state...
Important: Red Hat Security Advisory: qemu-kvm security update
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Google Chrome ServiceWorker Memory Misreference Vulnerability
Google Chrome is an open source web browser. Google Chrome contains a memory misreference vulnerability in the content/browser/serviceworker/embeddedworkerinstance.cc file in the ServiceWorker implementation that allows attackers to construct malicious web pages that can be tricked into parsing t...
EAP: CSRF vulnerability in EAP & WildFly Web Console
It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance...
CVE-2015-6039
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass...
SUSE-SU-2015:1666-1 Security update for Cloud Compute 12
This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. bsc920573 openstack-nova: - Fix metadata not returning just instance private IP. bsc934523 - Enable tenant/user specific...
QEMU ne2000_receive() buffer overflow vulnerability
QEMU is an open source emulator. A buffer overflow vulnerability exists in QEMU's ne2000_receive(), which allows a privileged user on a local guest system to crash a QEMU instance or possibly execute arbitrary code...
CVE-2015-3241
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance...
DEBIAN-CVE-2015-3241
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance...
UBUNTU-CVE-2015-3241
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance...
openstack-nova: Nova instance migration process does not stop when instance is deleted
A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an...
Moderate: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
change fontset 'icons' to html entities to improve security compliance
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-38988). It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...
change fontset 'icons' to html entities to improve security compliance
It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organizations, especially banks, that have strict security constraints: the fontset cannot be downloaded, and as a result this will not render on the customer instance. I would recommend that we change the current...