iOS, OS X Library AFNetwork Patches MiTM Vulnerability

Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle MiTM attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...

Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy S&D is a spyware and adware...

Design/Logic Flaw

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service disrupted domain access via spoofed AN messages that reset a finite state machine,...

Design/Logic Flaw

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service device reload via spoofed AN messages, aka Bug ID CSCup62315...

Design/Logic Flaw

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority ANRA responses, and consequently bypass intended device and...

CVE-2015-0637

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service device reload via spoofed AN messages, aka Bug ID CSCup62315...

CVE-2015-0636

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service disrupted domain access via spoofed AN messages that reset a finite state machine,...

CVE-2015-0635

CVE-2015-0635 affects Cisco IOS and IOS XE ANI (Autonomic Networking Infrastructure). Affected: IOS 12.2, 12.4, 15.0–15.4 and IOS XE 3.10.xS–3.13.xS before 3.13.1S. Vulnerable component: ANI implementation handling Autonomic Networking (AN) messages/ANRA responses. Root cause: improper validation...

Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure

The Autonomic Networking Infrastructure ANI feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or gain limited command and control of the device. Autonomic Networking...

Cisco IOS Autonomic Networking Infrastructure Denial of Service Vulnerability

Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Autonomic Networking Infrastructure ANI implementation of Cisco IOS Release 15.4S and Release 15.43S. A remote attacker could exploit this vulnerability by sending specially crafted...

OpenDaylight Helium Authentication Bypass Vulnerability

Opendaylight, a project of the Linux Foundation in the United States, is a community-driven, open-source, software-defined networking framework that contains an ensemble of modules capable of performing networking tasks that need to be done quickly. An authentication bypass vulnerability exists i...

CVE-2015-0669

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 15.4S and 15.43S allows remote attackers to modify configuration settings or cause a denial of service partial service outage by sending crafted Autonomic Networking AN messages on an intranet network, aka Bug ID CSCup62167...

Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the Autonomic Networking Infrastructure ANI feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking AN messages. A...

Citrix Command Center - Credential Disclosure

Abstract It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2015:0290 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regul...

Spybot Search And Destroy 1.6.2 Privilege Escalation

Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy S&D is a spyware and adware removal computer program compatible with Microsoft...

Spybot Search Destroy 1.6.2 Security Center Service - Local Privilege Escalation

Spybot Search Destroy 1.6.2 Security Center Service - Local Privilege Escalation Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy...

Spybot Search & Destroy 1.6.2 Security Center Service - Local Privilege Escalation

Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy S&D is a spyware and adware removal computer program compatible with Microsoft...

Code injection

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking AN message, aka Bug ID CSCup62157...

CVE-2015-0659

CVE-2015-0659 concerns Cisco IOS Autonomic Networking Infrastructure (ANI). The ANI implementation allows remote attackers to trigger self-referential adjacencies by sending crafted Autonomic Networking (AN) messages (Bug ID CSCup62157). Affected: ANI component of Cisco IOS. Reported impact indic...