Friday, May 20, 2022
F5 Networks

K48127735: Apache log4net Vulnerability CVE-2018-1285

Security Advisory Description: Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net ...
F5 Networks

K05328500: MySQL vulnerability CVE-2022-21490

Security Advisory Description: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that ...
F5 Networks

K04665443: OpenSSH vulnerability CVE-2021-36368

Security Advisory Description: ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication ...
F5 Networks

K31323265: OpenSSL vulnerability CVE-2022-0778

Security Advisory Description: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop ...
F5 Networks

K03007515: Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283

Security Advisory Description: CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block ...
MSRC

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side...
DHS

Mitsubishi Electric MELSEC iQ-F Series

This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
F5 Networks

K11414891: Linux Kernel vulnerability CVE-2018-13053

Security Advisory Description: The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an ...
F5 Networks

K27003374: Linux Kernel vulnerability CVE-2018-14734

Security Advisory Description: drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a ...
F5 Networks

K57454331: Linux Kernel vulnerability CVE-2018-10853

Security Advisory Description: A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/ ...
F5 Networks

K21548854: zlib vulnerability CVE-2018-25032

Security Advisory Description: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant ...
F5 Networks

K83120834: Diffie-Hellman key agreement protocol vulnerability CVE-2002-20001

Security Advisory Description: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the ...
F5 Networks

K82896488: Cyrus SASL vulnerability CVE-2022-24407

Security Advisory Description: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL ...
F5 Networks

K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827

Security Advisory Description: CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left ...
F5 Networks

K18484125: Eclipse Jetty vulnerability CVE-2020-27216

Security Advisory Description: In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 ...
The Register

Microsoft patches the patch that broke Windows authentication

May 10 update addressed serious vulns but also had problems of its own. Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.…

Closing the Gap Between Application Security and Observability

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
SecurityWeek

Nikkei Says Customer Data Likely Impacted in Ransomware Attack

Asian media giant Nikkei has disclosed a ransomware attack that might have impacted customer data.

New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
SecurityWeek

New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper

Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a rather uncommon living-off-the-land binary (LOLBin). Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL...