3414 matches found
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
A vulnerability in the Cisco Unified Computing System Serial over LAN (SoL) implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle (MITM) attack. The vulnerability occurs because the Board Management Controller (BMC) uses a hard-coded private key. An attacker coul...
Cisco Unified Computing System Smart Call Home Input Validation Vulnerability
A vulnerability in Cisco Unified Computing System (UCS) Manager could allow an authenticated, local attacker to trigger a denial of service (DoS) condition. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by configuring an invalid contact address fo...
Cisco Unified Computing System (UCS) Manager Version
Cisco Unified Computing System (UCS) Manager software is listening on the remote Cisco device. It allows for the management of Cisco UCS hardware and software components. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69919); script_version("1.8");...
Multiple Vulnerabilities in Cisco Unified Computing System (cisco-sa-20130424-ucsmulti)
Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the following vulnerabilities: - Cisco Unified Computing System LDAP User Authentication Bypass Vulnerability (CVE-2013-1182) - Cisco Unified Computing System IPMI Buffer Overflow Vulnerability CVE-2013-11...
Default Password (cliuser) for 'cliuser' Account
The account 'cliuser' on the remote host has the password 'cliuser'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Cisco Unified Computing System Platform Emulator is known to use these credentials to provide administrative access to the CLI...
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.2-4.fc19
OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...
Moderate: Red Hat Enhancement Advisory: Red Hat OpenShift Enterprise 1.2 Infrastructure Release Advisory
Red Hat OpenShift Enterprise 1.2 is now available which fixes several bugs and introduces feature enhancements. OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. The OpenShift Enterprise 1.2...
Important: Red Hat Enhancement Advisory: Red Hat OpenShift Enterprise 1.2 Node Release Advisory
Red Hat OpenShift Enterprise 1.2 is now available which fixes several bugs and introduces feature enhancements. OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. The OpenShift Enterprise 1.2...
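OpenStack python-keystoneclient Security Bypass Vulnerability (CVE-2013-2167)
Bugtraq ID: 60680 CVE ID: CVE-2013-2167 OpenStack is a cloud computing platform jointly developed by Rackspace and NASA that helps service providers and enterprises build cloud infrastructure similar to Amazon EC2 and S3. The memcache encryption implementation in the OpenStack python-keystoneclient client middleware contains a security vulnerability that allows an attacker with direct write access to the memcache backend, or in a man-in-the-middle position, to inject malicious data and bypass the signing security policy....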
Cracking iPhone Hotspot password in 50 Seconds
The ability to turn your iPhone into a Wi-Fi hotspot is a fantastically useful little tool in and of itself. When setting up a personal hotspot on their iPad or iPhone, users have the option of allowing iOS to automatically generate a password. According to a new study by Researchers at the...
Microsoft is sponsoring the Cyber Security Challenge UK
The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down and computer defenses are improved, exploit activity has actually increased...
Oracle's Java Security Plans Don't Address Sandbox Flaws
For all of Oracle’s bluster last Thursday about Java security enhancements, next to nothing was said about the real issue behind months of misery this year: the Java sandbox. Oracle broke its radio silence late last week with an out-of-the-blue blogpost full of promises about getting Java right...
Researchers, Vendors Await Google Disclosure Fallout
The endless loop that is the disclosure debate got a jolt of energy yesterday when Google said it would support researchers’ disclosure of details on actively exploited critical vulnerabilities just seven days after the researcher has notified the vendor in question. Google hopes the policy...
Privacy in the Age of Ubiquitous Computing
REDMOND, Wash.–If one were to draw up a list of the most challenging jobs in the technology industry, chief privacy officer at Microsoft likely would be pretty near the top of it. For a company with the size and scope of Microsoft, the volume of potential privacy issues is nearly endless, and if...
Indian Government approved National Cyber Security Policy
The IT sector has become one of the most significant growth catalysts for the Indian economy. The government approved the National Cyber Security Policy that aims to create a secure computing environment in the country and build capacities to strengthen the current set up with focus on manpower...
Cisco Unified Computing System multiple security vulnerabilities
Buffer overflow, information leakage, authentication bypass, DoS...
Cisco Unified Computing System Central Software DOM-Based Cross-Site Scripting Vulnerability
Cisco Unified Computing System Central Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability exists because the affected software fails to perform sufficient validation and sanitation of user-supplied inpu...
CVE-2013-1178
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...
Buffer overflow
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.24 and 6.x before 6.11, Nexus 5000 and 5500 devices 4.x and 5.x before 5.13N11, Nexus 4000 devices before 4.12E11h, Nexus 3000 devices 5.x before 5.03U31, Nexus...