CVE-2014-3404
Cisco IOS XE's Autonomic Networking Infrastructure (ANI) has a certificate validation vulnerability (CVE-2014-3404) due to incomplete certificate validation in the ANI component. A remote attacker could send crafted messages to the ANI device and cause acceptance of an invalid message. The Cisco ...
CVE-2014-3403
The CVE-2014-3403 issue affects Cisco IOS XE Autonomic Networking Infrastructure (ANI). The vulnerability arises from incomplete certificate validation in ANI, enabling a remote attacker to spoof devices by sending crafted messages. The Cisco security advisory describes this as a certificate-vali...
F5 Networks BIG-IP : HTTP cookie vulnerability (SOL15406)
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 C Tenable Network Security, Inc. The...
F5 Networks BIG-IP : Linux kernel TCP ISN vulnerability (K15301)
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting...
Low: Red Hat Security Advisory: openstack-neutron security and bug fix update
Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System...
The relevant departments repair. Instagram can be accessed vulnerability-vulnerability warning-the black bar safety net
Today the Facebook-owned photo-sharing service Instagram was blocked on social networking sites such as Sina Weibo, and Instagram search is also blocked. As early as July of this year, the Instagram application disappeared from the main domestic third-party Android stores. It is not possible to determine...
Dhclient Bash Environment Variable Injection Exploit
When bash is started with an environment variable that begins with the string " ", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a doma...
[SECURITY] Fedora 20 Update: kdenetwork-4.14.1-1.fc20
Networking applications, including: kdenetwork-filesharing: Network filesharing; kdnssd: Network Monitor for DNS-SD services (Zeroconf); kget: Download manager; kopete: Chat client; kppp: Dialer and front end for pppd; krdc: Remote desktop client; krfb: Desktop sharing...
Dhclient Bash Environment Variable Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...
CVE-2014-4752
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...
Hardcoded credentials
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...
CVE-2014-4752
CVE-2014-4752 affects IBM System Networking Switches and related components with hardcoded, non-changeable credentials in firmware, enabling remote access via unspecified attack vectors. Affected products include IBM Flex System Fabric EN4093/EN4093R 10Gb switches (<7.8.6.0), CN4093, SI4093, E...
Information disclosure
The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5937
The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5937
CVE-2014-5937 concerns the Android app “Social Networking” (package com.wSocialNetworkingSites) version 0.33.13320.99980. The root cause is that the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive informat...
Input validation
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors...
CVE-2014-3796
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors...
CVE-2014-3796
CVE-2014-3796 concerns an input-validation vulnerability in VMware NSX and vCNS that could disclose sensitive information. Affected versions: NSX Edge 6.0.x prior to 6.0.6; vCNS Edge 5.5 prior to 5.5.3; vCNS Edge 5.1 prior to 5.1.4.2. Root cause is improper input validation, enabling information ...
CentOS 6 : kernel (CESA-2014:1167)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140909)
A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futexwait. A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could...