Moderate: Red Hat Security Advisory: jenkins security update

An updated Jenkins package and image that includes security fixes are now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2016-1401

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

CVE-2016-1401

Cross-site scripting XSS vulnerability in the management interface in Cisco Unified Computing System UCS Central Software 1.41a allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250...

Protecting Cloud APIs Critical to Mitigating Total Compromise

When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls around them haven’t kept pace. While individual components of a system can be secure, when that system gets deployed in the cloud it can often become insecure – an...

Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

Cisco Unified Computing System UCS Central is a suite of software from Cisco that manages the Cisco UCS server domain. The software provides policy-based automation of servers to improve IT efficiency and centralized fault overview of rapid problem solving and other features. A cross-site scripti...

Moderate: Red Hat Security Advisory: openshift security update

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Want to Use Quantum Computer? IBM launches One for Free

In Brief What would you do if you get access to a Quantum Computer? IBM Scientists launches the world’s first cloud-based quantum computing technology, calling the IBM Quantum Experience, for anyone to use. It is an online simulator that lets anyone run algorithms and experiments on the company's...

Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle

In a vote of 419-0 on Wednesday, the U.S. House of Representatives passed the Email Privacy Act that would require the government to obtain a warrant in order to access digital communications stored in the cloud. Privacy advocates cheered the victory and said it was a win for U.S. citizens and...

CVE-2016-1339

Cisco Unified Computing System UCS Platform Emulator 2.52TS4, 3.02cA, and 3.02cTS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832...

CVE-2016-1340

Cisco UCS Platform Emulator (UCSPE) versions 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 are affected by a heap-based buffer overflow when handling libclimeta.so filename arguments. Root cause: improper validation of the libclimeta.so filename, enabling local privilege escalation. Impact: local users can...

Cisco Unified Computing System Platform Emulator Command Injection Vulnerability

A vulnerability in the Cisco Unified Computing System UCS Platform Emulator could allow an authenticated, local attacker to perform a command injection attack. The vulnerability occurs because the affected system improperly handles ucspe-copy command-line arguments. An attacker could exploit this...

Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability

A vulnerability in Cisco Unified Computing System UCS Platform Emulator could allow an authenticated, local attacker to trigger a heap-based buffer overflow on a targeted system. The vulnerability occurs because the affected system improperly handles libclimeta.so filename arguments. An attacker...

CVE-2016-1352

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

Cisco UCS Central Software Arbitrary Command Execution Vulnerability

Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A security vulnerability exists in Cisco UCS Central Software version 1.31b and earlier. Due to the program failing to...

Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability

A vulnerability in the web framework of Cisco Unified Computing System UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...

UBUNTU-CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...

Important: Red Hat Security Advisory: openvswitch security update

Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Citrix ICA Virtual Channels Overview

This article provides details of the design, functionality, and usage of the Citrix ICA Virtual Channels and focuses on the Citrix XenApp Plug-ins/Receiverfor Windows Target Audience Application developers, Citrixserver administrators, and help desk personnel. What are ICA Virtual Channels? A lar...