299 matches found
CVE-2017-12085
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability...
Privilege escalation
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability...
CVE-2017-12085
CVE-2017-12085 is the Circle with Disney cloud routing vulnerability disclosed in TALOS-2017-0437. The issue enables an attacker with Internet connectivity to cause the Circle cloud to route a packet to an arbitrary Circle device via the cloud API and token-based routing mechanism. The attack cha...
Circle with Disney Routing Vulnerability
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A routing vulnerability exists in the cloud infrastructure in Circle with Disney version 2.0.1. An attacker can exploit this vulnerabili...
Circle with Disney Token Routing Vulnerability
Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
Visit Trend Micro at VMworld 2017
Trend Micro will be at VMworld 2017 in Las Vegas on August 27th – 31st, showing why experience matters when it comes to automated security for your data center and cloud environments. Stop by our booth, 610, to chat with our security experts, and enter our daily draws to win a Phantom 3 Drone! Se...
Remote Access no longer needs to be Complex and Cumbersome
From an IT management perspective, remote access management can be complex. Deployment, administration, testing and compliance is often multifaceted and time consuming, and security is an on-going concern. Granted, I have talked with IT professionals who tell me VPNs - being the primary remote...
First Practical SHA-1 Collision Attack Arrives
Researchers unveiled on Thursday the first practical collision attack for the 22-year old cryptographic hash function SHA-1. While long expected, news of the attack, dubbed ‘SHAttered,’ should further accelerate the urgency of sunsetting of the maligned algorithm. Researchers from Google, Elie...
SQL Injection Vulnerability in ChannelList.aspx Page of Shandong Wave Government Approval Platform
Wave Government Approval Platform is a cloud computing infrastructure platform of Shandong Wave Qilu Software Co. A SQL injection vulnerability exists in the ChannelList.aspx page of the Shandong Wave Government Approval Platform, which can be exploited by attackers to obtain sensitive database...
Protecting Cloud APIs Critical to Mitigating Total Compromise
When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls around them haven’t kept pace. While individual components of a system can be secure, when that system gets deployed in the cloud it can often become insecure – an...
Several Vulnerabilities Found in Google App Engine
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox. The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine...
USN-1831-1: OpenStack Nova vulnerability
Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...
[USN-1734-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1709-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1709-1 January 29, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
USN-1709-1: OpenStack Nova vulnerability
Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes...
CVE-2012-4501 : Critical vulnerability warned in Cloudstack
Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could...
[USN-1247-1] Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1247-1 October 25, 2011 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Cyber criminals to be more aggressive in 2011 !
New Delhi: With the growing diversity of operating systems among companies, and the increasing use of mobile devices, cyber criminals will put a new spin on social engineering by 'malware campaign' under which they will bombard recipients with email that drop virus downloaders. According to an...
Azure Stack HCI
Azure Stack HCI and above...