The IPTables firewall in OpenStack Neutron 7.0.x through 7.0.4 (Liberty) and 8.0.x through 8.1.0 (Mitaka) allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
Monthly Archives: June 2016
CVE-2016-5363
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
CVE-2016-5433
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
SAP NetWeaver AS JAVA 7.5 Directory Traversal
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability.
Threatpost News Wrap, June 17, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, and another Flash zero day.
Breached Credentials Used to Access Github Repositories
Password reuse strikes GitHub users, some of whom will have to reset their credentials after unauthorized attempts were made to access a large number of GitHub accounts.