Cisco Security Advisory – Cisco Identity Services Engine (ISE) contains the arbitrary command execution and authentication bypass vulnerabilities. Successful exploitation of Cisco ISE Authenticated arbitrary command execution vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of Cisco ISE Support Information download authentication bypass vulnerability could…
Cisco Security Advisory 20131023-struts2
Cisco Security Advisory – Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system….
Ubuntu Security Notice USN-2002-1
Ubuntu Security Notice 2002-1 – Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated…
Ubuntu Security Notice USN-2004-1
Ubuntu Security Notice 2004-1 – Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack…….
Ubuntu Security Notice USN-2005-1
Ubuntu Security Notice 2005-1 – Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder…
Red Hat Security Advisory 2013-1456-01
Red Hat Security Advisory 2013-1456-01 – This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM…
Ubuntu Security Notice USN-2000-1
Ubuntu Security Notice 2000-1 – It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated…
Ubuntu Security Notice USN-2001-1
Ubuntu Security Notice 2001-1 – Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption…….
Ubuntu Security Notice USN-2003-1
Ubuntu Security Notice 2003-1 – Stuart McLaren discovered that Glance did not properly enforce the ‘download_image’ policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting…….
Mandriva Linux Security Advisory 2013-257
Mandriva Linux Security Advisory 2013-257 – Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated mozilla NSS and NSPR packages have been…
Categories
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- August 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- March 2018
- February 2018
- November 2013
- October 2013
- September 2013
- August 2013
- March 2013
- March 2010
- February 2010
- January 2010
- December 2009
- June 2008
- May 2008
- February 2008
- June 2007
- May 2007
- February 2007
- December 2006
- June 2006
- April 2006
- March 2006
- January 2006
- December 2001