7 matches found
EUVD-2015-0175
Malware in sbrugna...
Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543)
Summary An issue discovered in Openstack Nova can leak consoleauth tokens into log files which can be used by an attacker with access to service's log files to gain additional access in to the Openstack based deployment. Vulnerability Details CVEID: CVE-2015-9543 DESCRIPTION: OpenStack Nova could...
Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)
Summary OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configur...
Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498)
Summary If an authenticated user deletes an instance while it is in resize state, it will cause the original instance to not be deleted from the compute node it was running on. An attacker can use this to launch a denial of service attack. All Nova setups are affected. Vulnerability Details CVEID...
Security Bulletin: IBM PowerVC is impacted by python oslo.middleware package information disclosure (CVE-2017-2592)
Summary IBM PowerVC may disclose some sensitive values in an error message. Vulnerability Details CVEID: CVE-2017-2592 DESCRIPTION: The OpenStack python oslo.middleware package could allow a local authenticated attacker to obtain sensitive information by including sensitive data in the CatchError...
Security Bulletin: IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548)
Summary IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerailities CVE-2015-1850, CVE-2015-7548 Vulnerability Details CVEID: CVE-2015-1850 DESCRIPTION: OpenStack Nova could allow a local attacker to obtain sensitive information, caused by the failure to provide input format t...
CVE-2015-0137
IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console HMC certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate...