Cisco IOS/IOS XE Malformed ANRA Answer Message Restriction Bypass Denial of Service Vulnerability

Cisco IOS is a popular Internet operating system. A security vulnerability exists in the Cisco IOS and Cisco IOS XE ANI implementations, which allows remote attackers to exploit the vulnerability to bypass device and node access notifications by sending spoofed ANRA response message telegrams or...

DLA-184-1 binutils - security update

Bulletin has no description...

RHEL 7 : kernel (RHSA-2015:0726)

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

CVE-2015-0637

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service device reload via spoofed AN messages, aka Bug ID CSCup62315...

CVE-2015-0636

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service disrupted domain access via spoofed AN messages that reset a finite state machine,...

CVE-2015-0635

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority ANRA responses, and consequently bypass intended device and...

CVE-2015-0635

The Autonomic Networking Infrastructure ANI implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority ANRA responses, and consequently bypass intended device and...

Debian DLA-37-1 : krb5 security update

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI...

Wireshark SigComp UDVM Dissector Remote Code Execution - Ver2 (CVE-2010-2287)

A buffer overflow vulnerability has been reported in Wireshark. The vulnerability is due to incorrect implementation of the SigComp UDVM Dissector. An attacker can exploit this issue by sending a malicious sigComp traffic in the internet...

Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security

-= Advanced Information Security Corporation =- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email: lem.nikolas at gmail dot com Audit: OpenSSL v1.0.2 22nd of January, 2015 Release...

Code injection

The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming VDS-IS 3.21 allows remote attackers to cause a denial of service CPU consumption and network-resource consumption via crafted packets, aka Bug ID CSCun15911...

CVE-2015-0293

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message...

CVE-2015-0289

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

CVE-2015-0289

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an applicati...

Mandriva Linux Security Advisory : kernel (MDVSA-2015:058)

Multiple vulnerabilities has been found and corrected in the Linux kernel : The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than...

Vulnerability in OpenSSL - Multiblock corrupted pointer

Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...

Vulnerability in OpenSSL - Segmentation fault in DTLSv1_listen

Segmentation fault in DTLSv1listen. A defect in the implementation of DTLSv1listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an erro...

CVE-2015-0289

Summary: CVE-2015-0289 is a denial-of-service vulnerability in OpenSSL arising from incorrect handling of PKCS#7 data (NULL pointer dereference) during processing of PKCS#7 structures. The issue exists in the PKCS#7 parsing path and is triggered by malformed PKCS#7 inputs, potentially crashing ap...

CVE-2015-0274

The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service transaction overrun and data corruption or possibly gain privileges by leveraging XFS filesystem access...