Linux kernel KVM subsystem vulnerability CVE-2019-6974
Linux kernel KVM subsystem vulnerability CVE-2019-6974 Security Advisory Security Advisory Description In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles ...
BIG-IP AFM SQL injection vulnerability CVE-2019-6658
BIG-IP AFM SQL injection vulnerability CVE-2019-6658 Security Advisory Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user ...
Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 Security Advisory Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard- ...
HTTP/2 Settings Flood vulnerability CVE-2019-9515
HTTP/2 Settings Flood vulnerability CVE-2019-9515 Security Advisory Security Advisory Description Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of ...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due...
Intel CPU vulnerability CVE-2019-11135
Intel CPU vulnerability CVE-2019-11135 Security Advisory Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user ...
Trusted Platform Module (TPM) vulnerabilities CVE-2019-11090 and CVE-2019-16863
Trusted Platform Module (TPM) vulnerabilities CVE-2019-11090 and CVE-2019-16863 Security Advisory Security Advisory Description CVE-2019-11090 ** RESERVED ** This candidate has been reserved by an ...
BIG-IP APM apd vulnerability CVE-2019-6661
BIG-IP APM apd vulnerability CVE-2019-6661 Security Advisory Security Advisory Description When the BIG-IP APM system processes certain requests, the apd/apmd process may consume excessive resources.
TMOS vulnerability CVE-2019-6664
TMOS vulnerability CVE-2019-6664 Security Advisory Security Advisory Description Under certain conditions, network protections on the management port do not follow current best practices. (CVE- ...
BIG-IP restjavad vulnerability CVE-2019-6662
BIG-IP restjavad vulnerability CVE-2019-6662 Security Advisory Security Advisory Description Sensitive information is logged into the local log files and/or remote logging targets when restjavad ...
BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility vulnerability CVE-2019-6663
BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility vulnerability CVE-2019-6663 Security Advisory Security Advisory Description The BIG-IP / BIG-IQ / Enterprise Manager / F5 ...
iControl REST logs a plaintext password when the syntax of a cURL request is incorrect
iControl REST logs a plaintext password when the syntax of a cURL request is incorrect Security Advisory Security Advisory Description The BIG-IP system logs the device password in plaintext. This ...
BIG-IP ASM JSON websocket security exposure
BIG-IP ASM JSON websocket security exposure Security Advisory Security Advisory Description The BIG-IP ASM system may fail to block bad JSON websocket requests. This issue occurs when all of the ...
TLS 1.3 vulnerability CVE-2019-6659
TLS 1.3 vulnerability CVE-2019-6659 Security Advisory Security Advisory Description BIG-IP virtual servers with TLS 1.3 enabled may experience a denial-of-service (DoS) due to undisclosed incoming ...
TMM vulnerability CVE-2019-6660
TMM vulnerability CVE-2019-6660 Security Advisory Security Advisory Description Undisclosed HTTP requests may consume excessive amounts of system resources, which may cause a denial-of-service (DoS).
NCSC-NZ Releases Annual Cyber Threat Report
Original release date: November 14, 2019The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase...
Philips IntelliBridge EC40/80
This advisory contains mitigations for an inadequate encryption strength vulnerability in Philips' IntelliBridge EC 40/80 data hub.
Siemens Mentor Nucleus Networking Module
This advisory includes mitigations for an improper input validation vulnerability in Siemens’ Mentor Nucleus networking modules.
Siemens S7-1200 CPU
This advisory contains information and mitigation recommendations for an exposed dangerous method or function vulnerability in the Siemens S7-1200 CPU.
Siemens Desigo PX Devices
This advisory contains information and mitigation recommendations for an external control of assumed-immutable web parameter vulnerability in Siemens' Desigo PX device web interface.
LINE Launches Public Bug Bounty Program on HackerOne
Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne.
Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
Try as they might, ransomware crooks can’t hide their tells when playing hands
Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
Google Chrome experiment crashes browser tabs, impacts companies worldwide
In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
Threat actor impersonates German, Italian and American gov’t agencies to spread malware
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.
Business and...
GitHub launches ‘Security Lab’ to help secure open source ecosystem
Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.
