Tuesday, January 28, 2020
F5 Networks

Apache Tomcat vulnerability CVE-2018-1336

Apache Tomcat vulnerability CVE-2018-1336 Security Advisory. Security Advisory Description: An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite ...
Cisco

Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections...
F5 Networks

Bash vulnerability CVE-2019-18276

Bash vulnerability CVE-2019-18276 Security Advisory. Security Advisory Description: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is ...
F5 Networks

Linux kernel vulnerability CVE-2019-19069

Linux kernel vulnerability CVE-2019-19069 Security Advisory. Security Advisory Description: A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel ...

Vulnerability Summary for the Week of January 20, 2020

Original release date: January 27, 2020. The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...
Have I Been Pwned

Tout – 652,683 breached accounts

In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords...
Cisco

Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile...
Cisco

Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing...

Cisco Releases Security Updates

Original release date: January 24, 2020. Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security...

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

Original release date: January 24, 2020. The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure...
Cisco

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation...

Citrix Releases Security Updates for SD-WAN WANOP

Original release date: January 23, 2020. Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of...
F5 Networks

Linux kernel vulnerability CVE-2019-19057

Linux kernel vulnerability CVE-2019-19057 Security Advisory. Security Advisory Description: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie ...
F5 Networks

Apache Tomcat vulnerability CVE-2019-17563

Apache Tomcat vulnerability CVE-2019-17563 Security Advisory. Security Advisory Description: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 ...

Cisco Releases Security Updates

Original release date: January 23, 2020. Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the...
DHS

GE CARESCAPE, ApexPro, and Clinical Information Center systems

This advisory contains mitigations for multiple vulnerabilities in the GE CARESCAPE ApexPro and Clinical Information Center (CIC) healthcare monitoring platforms.
F5 Networks

Linux kernel vulnerability CVE-2019-19058

Linux kernel vulnerability CVE-2019-19058 Security Advisory. Security Advisory Description: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux ...
F5 Networks

Linux kernel vulnerability CVE-2019-14896

Linux kernel vulnerability CVE-2019-14896 Security Advisory. Security Advisory Description: A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in ...
F5 Networks

Linux kernel vulnerabilities CVE-2019-19061 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19082

Linux kernel vulnerabilities CVE-2019-19061 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19082 Security Advisory. Security Advisory Description: CVE-2019-19061 A memory leak in the adis_ ...
Cisco

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due...
ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

The DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago. Enigma: More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet-connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.