Tuesday, May 26, 2020
Citrix

Citrix ShareFile storage zones Controller multiple security updates

CTX269106 (New). Citrix ShareFile storage zones Controller multiple security updates. Applicable Products: ShareFile. Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving...
Citrix

Citrix Hypervisor Security Update

CTX272237 (New). Citrix Hypervisor Security Update. Applicable Products: Citrix_Hypervisor, XenServer, XenServer_7_1_Cumulative_Update_2. An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose...
Citrix

Citrix Hypervisor Multiple Security Updates

CTX270837 (New). Citrix Hypervisor Multiple Security Updates. Applicable Products: Citrix_Hypervisor_8_0, Citrix_Hypervisor_8_1, XenServer_7_0, XenServer_7_1_Cumulative_Update_2. Several issues have been identified within Citrix Hypervisor, which could, if exploited, allow: privileged code in a PV guest VM to read a single uninitialized 4kB page of memory (that may contain data...
Citrix

CVE-2020-6175 – Citrix SD-WAN Security Update

CTX263526 (New). Applicable Products: Citrix SD-WAN, Citrix SD-WAN 10.1, NetScaler SD-WAN 10.0. An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been...
Citrix

CVE-2019-19781 – Vulnerability in Citrix Application Delivery Controller and Citrix Gateway

CTX267027 (New). Applicable Products: Citrix ADC, Citrix Gateway, NetScaler, NetScaler Gateway. A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to...
Citrix

Citrix Hypervisor Security Update

CTX266932 (New). Applicable Products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6. A number of vulnerabilities have been found in Citrix Hypervisor (formerly Citrix XenServer) that may: i. Allow the host to be compromised by privileged code in a PV...
Citrix

Citrix ADC and Citrix Gateway Security Update (CVE-2019-0140)

CTX263807 (New). Applicable Products: Citrix ADC, Citrix Gateway. A vulnerability has been identified affecting Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, platforms which could result in privilege escalation via layer 2...
Citrix

Citrix Hypervisor Security Update

CTX263684 (New). Applicable Products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6. A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data...
Citrix

Hypervisor Security Update

CTX263477 (New). Applicable Products: Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6. A number of vulnerabilities have been found in Citrix Hypervisor (formerly Citrix XenServer) that allow the host to be compromised by: i. Privileged code in a guest VM...
Citrix

Authentication Bypass Vulnerability in Citrix ADC and Citrix Gateway Management Interface

CTX261055 (New). Applicable Products: Citrix ADC, Citrix Gateway, NetScaler Gateway. A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow...
Citrix

CVE-2019-TBD – Citrix Application Delivery Management (ADM) Console Security Update

CTX261735 (New). Applicable Products: Citrix Application Delivery Management. An authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management (ADM) server. The vulnerability allows a Citrix ADM user with read-only privilege to access managed instances with admin level permissions....
Citrix

Multiple Vulnerabilities in Citrix License Server for Windows and VPX

CTX261963 (New). Applicable Products: Licensing. Multiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shut down. These vulnerabilities have been assigned...
Citrix

Citrix SD-WAN Security Update

CTX256918 (New). Applicable Products: Citrix SD-WAN. Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console. These vulnerabilities could permit a remote attacker to cause a denial of service by causing a...
Citrix

CVE-2019-13609 – CRLF Vulnerability in Citrix License Server for Windows and VPX

CTX257644 (Updated). Applicable Products: Licensing. A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or...
Citrix

CVE-2008-1447 – Vulnerability in NetScaler and Access Gateway Enterprise Edition could result in DNS Cache Poisoning

CTX117991 (Updated). Applicable Products: Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, NetScaler 8.0, NetScaler 8.1. Description of Problem: A vulnerability has been identified in the Citrix NetScaler and Access Gateway Enterprise Edition appliances that could result in Domain Name System (DNS) cache...

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
Bruce Schneier

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...
Tripwire

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%\Discord\modules\discord_desktop_core\index.js file upon successful installation. This process gave the...
ZDNet

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.

How To Achieve Balance Between Cybersecurity And The User Experience

Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.