what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2015-04-17

Debian Security Advisory 3228-1
Posted Apr 17, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3228-1 - Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

tags | advisory, overflow, protocol
systems | linux, debian
advisories | CVE-2015-3310
SHA-256 | 3f427866f2b4b74ed9acc0505e613edb072544d44f385fda7f4ca19cbee3d17e
HP Security Bulletin HPSBMU03264 1
Posted Apr 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03264 1 - Potential security vulnerabilities have been identified with HP Network Automation. These include Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), clickjacking and other vulnerabilities which can be used to create remote exploits. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss, csrf
advisories | CVE-2014-7886
SHA-256 | 3d2da90d680875607928f6400e98f2c7c082681f345808b204ca5066ab522722
Red Hat Security Advisory 2015-0844-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0844-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. It was discovered that the OpenStack Compute console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3708, CVE-2014-8333, CVE-2015-0259
SHA-256 | 151e0f877c537ca169273ce95093ea6b8d6d0261d15f86f70fa508944ce15b73
Red Hat Security Advisory 2015-0841-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0841-01 - The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-0271
SHA-256 | a25ce60fbc1e5270012c54c9b2f809c91915f13b562c47e10cc6a956a8b3e614
Red Hat Security Advisory 2015-0838-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0838-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A storage quota bypass flaw was found in OpenStack Image. If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-9623
SHA-256 | ab762a171dbd37a18044a58c9f42a856b163bfd04f4309116ecc2defce0a2e91
Red Hat Security Advisory 2015-0840-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0840-01 - The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription services from the Red Hat OpenStack administration portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-0271
SHA-256 | b1d68aaef80aeb02daac54d15c3df339026c7c2140cce6a5224795abd26f2cf9
Red Hat Security Advisory 2015-0843-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0843-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. It was discovered that the OpenStack Compute console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3708, CVE-2014-8333, CVE-2015-0259
SHA-256 | f2b184d98b9de9d4e2a7dc8a1db6b1770436a3e1e82ce7a8b3d69c7b38659ce5
Red Hat Security Advisory 2015-0845-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0845-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A denial of service flaw was found in the OpenStack Dashboard when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-8124
SHA-256 | 30a4c4d985b5b54b8d412d63d8b97a60009d8ca15c084352ac502411675ccdc1
Red Hat Security Advisory 2015-0837-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0837-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A storage quota bypass flaw was found in OpenStack Image. If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-9623
SHA-256 | 39c59fd933042cf7eb4339004da2bcb47b20ff7d345d6bab73562d0643d3c3b9
Red Hat Security Advisory 2015-0839-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0839-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A denial of service flaw was found in the OpenStack Dashboard when using the db or memcached session engine. An attacker could make repeated requests to the login page, which would result in a large number of unwanted backend session entries, possibly leading to a denial of service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-8124
SHA-256 | 071e89abeea4e32a552176b1335794caf73208c69831ee258b4e0fe2f68b7fc7
Red Hat Security Advisory 2015-0833-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0833-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7436
SHA-256 | 6d30c80129f8a6c1a7cefed0426c7604ab809f48a22e682319e62fc6c18ebe2f
Red Hat Security Advisory 2015-0836-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0836-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7960
SHA-256 | b77fd20861995bfda334b9ffbfe7e1cb064b7648fbf5798845c00561bbcb1191
Red Hat Security Advisory 2015-0835-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0835-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7960
SHA-256 | 3a6180ccf7be16f2cf337e2015cc2ba9095c2a4130f7d49215412e20a6d43efb
Red Hat Security Advisory 2015-0834-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0834-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7436
SHA-256 | d95bdb4d25de4a94eb71ab13a803dcde0dc0d9541edf35ca7b68d2325c1dacdf
Red Hat Security Advisory 2015-0831-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0831-01 - PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

tags | advisory, shell, root
systems | linux, redhat
advisories | CVE-2015-1842
SHA-256 | 5e2aa27da080e83e07b8a31210c1f4901b2283641141bb8b5826b49f5e785e51
Red Hat Security Advisory 2015-0832-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0832-01 - PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

tags | advisory, shell, root
systems | linux, redhat
advisories | CVE-2015-1842
SHA-256 | b796fe1352f44436456a03ca7f29384d9e16b45e14797847bb753f446f835d66
Red Hat Security Advisory 2015-0830-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0830-01 - Red Hat Enterprise OpenStack Platform Installer is a deployment management tool. It provides a web user interface for managing the installation and configuration of remote systems. Deployment of changes is performed using Puppet. Additionally, Dynamic Host Configuration Protocol, Domain Name System, Preboot Execution Environment, and Trivial File Transfer Protocol services can be provided. Controlling these services also enables provisioning of physical systems that do not yet have an operating system installed. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

tags | advisory, remote, web, shell, root, protocol
systems | linux, redhat
advisories | CVE-2015-1842
SHA-256 | 7882ab5d8eda4159985b3225dda5d859f5970ed0dd138b9e2d1a7357effb762a
Red Hat Security Advisory 2015-0816-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0816-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 42.0.2311.90, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249
SHA-256 | ba911dd5e15e3cf31f94775ed64f5e95571481e8215d4e9155b15ff4f092a4f2
Ubuntu Security Notice USN-2569-2
Posted Apr 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2569-2 - USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Stephane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 497cafe9f560d796997e720a42d60252c6603636886e973d8cb00ff1805cd8ee
Red Hat Security Advisory 2015-0849-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0849-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2014-3586, CVE-2014-8111, CVE-2015-0204, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | ba394fc4325fb91428de25b9326aa19d04a780c919afb4991bbaf15e3d05a16c
Red Hat Security Advisory 2015-0851-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0851-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 9c35a2e3da753f782421c5fae6cc800fdd2198541a72b87ddbb7e26976fb351a
Red Hat Security Advisory 2015-0850-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0850-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 290b4f0a91f99c1bf88abbdb829b7cd88cf73b3f112a40d00f3e02cb6d9adc8c
Red Hat Security Advisory 2015-0846-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0846-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | 007c30d1032917d88f831b90ee1b776f422fc055a9966bc6afdf4a0f8adb9efc
Red Hat Security Advisory 2015-0848-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0848-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | d508b12d1e65d1ca12274e01b7846a3fcb61ca9075e2787500de0a34e7a0db5e
Red Hat Security Advisory 2015-0847-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0847-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | b103d846644536060b8020b4372d90cf6216364da3fcf9087a816626005dbdf4
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close