Design/Logic Flaw

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System UCS 6200 devices before 2.01w allows remote attackers to cause a denial of service device reload by sending a jumbo packet to the management interface, aka Bug IDs...

CVE-2013-1181

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.03N22, Nexus 3000 devices 5.x before 5.03U32, and Unified Computing System UCS 6200 devices before 2.01w allows remote attackers to cause a denial of service device reload by sending a jumbo packet to the management interface, aka Bug IDs...

CVE-2013-1184

CVE-2013-1184 affects Cisco UCS Manager (XML API management service) in UCS 1.x before 1.2(1b). The Management API can be triggered by a malformed request to cause a denial-of-service (service outage). Affected component: XML API management service in the Manager. Root cause: malformed request ha...

CVE-2013-1182

The CVE-2013-1182 issue affects Cisco UCS: the login page of the UCS Manager Web Console allows remote LDAP authentication bypass via a malformed request in versions prior to 1.0(2h), 1.1 prior to 1.1(1j), and 1.3(x). Root cause is an LDAP authentication bypass in the Web Console login flow. Impa...

CVE-2013-1181

Cisco NX-OS-based products (Nexus 5500, Nexus 3000, UCS 6200) are affected by CVE-2013-1181. The issue allows remote attackers to trigger a denial-of-service (device reload) by sending a jumbo packet to the management interface. Affected ranges noted as Nexus 5500 4.x/5.x before 5.0(3)N2(2), Nexu...

CVE-2013-1186

CVE-2013-1186 concerns Cisco UCS: versions 1.x before 1.4(4) and 2.x before 2.0(2m) are affected by a KVM authentication bypass via a crafted IMC authentication request. The issue is part of a Cisco UCS multi-vulnerability set; other CVEs (1182–1185) accompany it. Affected component is the Cisco ...

Oracle Delays Java 8 Features for Security Overhaul

It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but...

Cisco Releases Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...

The PCI DSS Cloud Computing Guidelines: An Executive Summary

The PCI SSC and its Cloud Special Interest Group has released its Cloud Computing Guidelines after a year of collaboration and input from SIG members. Coalfire was a big contributor to this document, and we think it is required reading for anyone who has front-line responsibility for managing...

DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security

The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took th...

Fedora Update for eucalyptus FEDORA-2013-3498

Check for the Version of eucalyptus OpenVAS Vulnerability Test Fedora Update for eucalyptus FEDORA-2013-3498 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

[SECURITY] Fedora 18 Update: eucalyptus-3.2.1-2.fc18

Eucalyptus is a service overlay that implements elastic computing using existing resources. The goal of Eucalyptus is to allow sites with existing clusters and server infrastructure to co-host an elastic computing service that is interface-compatible with Amazon AWS. This package contains the...

Smartphones cache poses huge risk for Cloud Storage Security

A couple of years ago, the tech world was abuzz about the cloud. Cloud computing refers to computing where the processing or storage takes place on a networked series of computers rather than on the device that you're using. Whether you're using a PC, laptop, tablet, smartphone, television, or...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.2 update

Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

[SECURITY] Fedora 17 Update: openstack-nova-2012.1.3-3.fc17

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203

Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189

Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

[SECURITY] Fedora 17 Update: jakarta-commons-httpclient-3.1-12.fc17

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

[SECURITY] Fedora 18 Update: jakarta-commons-httpclient-3.1-12.fc18

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

[SECURITY] Fedora 18 Update: openstack-nova-2012.2.2-1.fc18

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...