Citrix Application Delivery Management (ADM) Agent Security Update
CTX247738 NewApplicable Products : Citrix Application Delivery ManagementA vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be...
Citrix XenServer Multiple Security Updates
CTX246572 NewApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.5, XenServer 7.6A number of security vulnerabilities have been identified in Citrix XenServer that, depending on configuration, may allow a malicious user of a PV...
TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway
CTX240139 NewApplicable Products : NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1, NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0A vulnerability has been identified in the Citrix Application Delivery Controller (ADC) formally known as NetScaler ADC and NetScaler Gateway platforms using hardware...
Citrix XenServer Security Update
CTX239432 NewApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts.These issues affect the following supported versions of Citrix XenServer:Citrix XenServer 7.6 Citrix XenServer...
Citrix XenServer Security Update
CTX239100 NewApplicable Products : XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host.This issue affects the following versions...
Cross-Site Scripting Vulnerability in Citrix NetScaler
CTX239002 NewApplicable Products : NetScaler 10.1, NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition. This vulnerability could potentially be used to execute malicious client-side script...
Citrix ShareFile StorageZones Controller Multiple Security Updates
CTX238022 UpdatedApplicable Products : ShareFileTwo security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system,...
XenServer Multiple Security Updates
CTX236548 NewApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.4, XenServer 7.5Several security issues have been identified that impact XenServer. Customers should consider these issues and determine possible impact to their own systems. These updates provide a mitigation for recently...
Citrix XenServer Multiple Security Updates
CTX235748 UpdatedApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or...
Citrix XenServer Security Update for CVE-2018-3665
CTX235745 NewApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4, XenServer 7.5An issue has been identified in certain CPUs that may allow code running in a guest VM to read data from another process in the same VM...
Citrix XenServer Security Update for CVE-2018-3639
CTX235225 NewApplicable Products : XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.3, XenServer 7.4CVE-2018-3639 Speculative Store Bypass Disable is an issue that may affect third-party software that runs in guest VMs on Citrix XenServer. This is not an issue caused by...
Citrix XenMobile 10.x Multiple Security Updates
CTX234879 NewApplicable Products : XenMobile 10.7, XenMobile 10.8A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8:CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in...
Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise
CTX234869 UpdatedApplicable Products : NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0A flaw has been identified in the AppFirewall feature of Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway that could result in arbitrary code execution and...
Citrix XenServer Multiple Security Updates
CTX231390 UpdatedApplicable Products : XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.2, XenServer 7.3Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001),...
Citrix XenServer Multiple Security Updates
CTX234679 UpdatedApplicable Products : XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1, XenServer 7.2, XenServer 7.3, XenServer 7.4A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious...
Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack
Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night.
The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
Glitch exposes Sprint customer data to other users
A bug
has allowed some Sprint customers to see the personal data of other customers from
their online accounts.
The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...
6 Ways Mature DevOps Teams Are Killing It in Security
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled
Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
