569 matches found
OpenAFS Denial of Service Vulnerability (CNVD-2015-05292)
OpenAFS is a distributed file system that allows sharing of archives and resources between systems over LANs and WANs. A security vulnerability exists in the pioctl support for the OSD FS command in IBM OpenAFS 1.6.12 and earlier versions, which stems from a program writing the result of an RPC...
Important: Red Hat Security Advisory: Red Hat Gluster Storage 3.1 update
Red Hat Gluster Storage 3.1, which fixes multiple security issues, several bugs, and adds various enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
OpenStack Object Storage Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. OpenStack Object Storage a.k.a. Swift is one of these programs used to storage project for storing permanent static data. A security...
CVE-2015-1856
OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
DEBIAN-CVE-2015-1856
OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
Design/Logic Flaw
OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
CVE-2015-1856
Summary: CVE-2015-1856 affects OpenStack Object Storage (Swift) where, if allow_version is configured, an authenticated user who has listing access to the x-versions-location container can delete the latest version of a versioned object. This relies on Swift’s versioned-object handling and access...
CVE-2015-1856
OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...
Wireshark SCSI OSD Dissector 'packet-scsi-osd.c' Denial of Service Vulnerability
Wireshark is an open source network protocol analysis tool. An integer overflow in the dissectosd2cdbcontinuation function in the Wireshark SCSI OSD parser epan/dissectors/packet-scsi-osd.c allows attackers to exploit a vulnerability by submitting a special message to crash the application...
php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...
php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...
CVE-2014-7960
OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...
CVE-2014-7960
OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...
CVE-2014-7960
CVE-2014-7960 affects OpenStack Object Storage (Swift) before 2.2.0. A vulnerability in metadata constraints allows remote authenticated users to bypass max_meta_count and related limits by issuing multiple crafted requests that exceed the configured threshold. The issue is confirmed in multiple ...
CVE-2014-7960
OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...
php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...
UBUNTU-CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...