6340 matches found
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality of protected information
The linux-modules-2.6.18-4-xen-vserver-686 package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of the confidentiality of protected information. These vulnerabilities can be exploited remotely...
Mandriva Linux Security Advisory : perl-Module-Signature (MDVSA-2015:207)
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying...
Vulnerabilities in the Debian GNU/Linux operating system that allow a local attacker to compromise the confidentiality, integrity, and availability of protected information
The ipw3945-modules-2.6.18-6-vserver-k7 package for the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploite...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the availability of protected information
The kernel-pcmcia-modules-2.4.27-3-k6 package in the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the availability of protected information
The multiple vulnerabilities in the hostap-modules-2.4.27-4-686 package of the Debian GNU/Linux operating system may lead to a violation of the availability of protected information. These vulnerabilities can be exploited remotely...
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
Document Title: SevDesk v1.1 iOS - Persistent Dashboard Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1311. Release Date: 2015-04-23. Vulnerability Laboratory ID (VL-ID): 1311...
Scientific Linux Security Update : kvm on SL5.x x86_64 (20150422)
It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610) A race condition flaw was found in the w...
[SECURITY] Fedora 20 Update: python-2.7.5-16.fc20
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors...
KLA10563 Multiple vulnerabilities in Drupal modules
Multiple serious vulnerabilities have been found in Drupal modules. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Open redirect vulnerabilities in Commerce...
Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Fedora 21 : perl-Module-Signature-0.78-1.fc21 / perl-Test-Signature-1.11-1.fc21 (2015-5833)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...
Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update
Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...
openstack-puppet-modules: pacemaker configured with default password
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...
Red Hat openstack-puppet-modules trust management vulnerability
Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet, a configuration management tool based on a client/server architecture, capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...
CVE-2015-1842
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...
Default credentials
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...
CVE-2015-1842
CVE-2015-1842 relates to Red Hat OpenStack modules where the puppet manifests in the openstack-puppet-modules package were configured with a known default password for the pcsd daemon (CHANGEME). If this password is not changed and an attacker can access pcsd remotely, they could execute arbitrar...