Saturday, January 19, 2019
Citrix

Citrix XenServer Security Update

CTX239432 (New)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6
A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts. These issues affect the following supported versions of Citrix XenServer: Citrix XenServer 7.6, Citrix XenServer...
Citrix

Citrix XenServer Security Update

CTX239100 (New)
Applicable Products: XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6
A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This issue affects the following versions...
Citrix

Cross-Site Scripting Vulnerability in Citrix NetScaler

CTX239002 (New)
Applicable Products: NetScaler 10.1, NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1
A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition. This vulnerability could potentially be used to execute malicious client-side script...
Citrix

Citrix ShareFile StorageZones Controller Multiple Security Updates

CTX238022 (Updated)
Applicable Products: ShareFile
Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system,...
Citrix

XenServer Multiple Security Updates

CTX236548 (New)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.4, XenServer 7.5
Several security issues have been identified that impact XenServer. Customers should consider these issues and determine possible impact to their own systems. These updates provide a mitigation for recently...
Citrix

Citrix XenServer Multiple Security Updates

CTX235748 (Updated)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5
Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or...
Citrix

Citrix XenServer Security Update for CVE-2018-3665

CTX235745 (New)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5
An issue has been identified in certain CPUs that may allow code running in a guest VM to read data from another process in the same VM...
Citrix

Citrix XenServer Security Update for CVE-2018-3639

CTX235225 (New)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4
CVE-2018-3639 Speculative Store Bypass Disable is an issue that may affect third-party software that runs in guest VMs on Citrix XenServer. This is not an issue caused by...
Citrix

Citrix XenMobile 10.x Multiple Security Updates

CTX234879 (New)
Applicable Products: XenMobile 10.7, XenMobile 10.8
A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in...
Citrix

Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

CTX234869 (Updated)
Applicable Products: NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0
A flaw has been identified in the AppFirewall feature of Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway that could result in arbitrary code execution and...
Citrix

Citrix XenServer Multiple Security Updates

CTX231390 (Updated)
Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.2, XenServer 7.3
Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001),...
Citrix

Citrix XenServer Multiple Security Updates

CTX234679 (Updated)
Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1, XenServer 7.2, XenServer 7.3, XenServer 7.4
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious...
Citrix

Citrix XenServer Multiple Security Updates

CTX232096 (New)
Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5
A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host. The following vulnerabilities have been addressed: CVE-2017-17563: broken...
Citrix

Citrix XenServer 7.2 Multiple Security Updates

CTX233832 (New)
Applicable Products: XenServer 7.2
A number of security issues have been identified within Citrix XenServer 7.2 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated...
Citrix

Citrix XenServer Multiple Security Updates

CTX232655 (New)
Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.2, XenServer 7.3
A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.