Tuesday, March 19, 2019
F5 Networks

OpenSSL vulnerability CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 Security Advisory Security Advisory Description If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_ ...
F5 Networks

PHP vulnerabilities CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, and CVE-2019-9641

PHP vulnerabilities CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, and CVE-2019-9641 Security Advisory Security Advisory Description CVE-2019-9638 An issue was discovered in the EXIF component in ...
F5 Networks

BIND vulnerability CVE-2018-5745

BIND vulnerability CVE-2018-5745 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a ...
F5 Networks

BIG-IP ARM BGP vulnerability CVE-2018-17539

BIG-IP ARM BGP vulnerability CVE-2018-17539 Security Advisory Security Advisory Description The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 ...
F5 Networks

Linux kernel vulnerability CVE-2017-9077

Linux kernel vulnerability CVE-2017-9077 Security Advisory Security Advisory Description The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles ...
F5 Networks

Linux kernel vulnerability CVE-2018-5390

Linux kernel vulnerability CVE-2018-5390 Security Advisory Security Advisory Description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_ ...
F5 Networks

Linux kernel vulnerability CVE-2017-9075

Linux kernel vulnerability CVE-2017-9075 Security Advisory Security Advisory Description The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles ...
F5 Networks

Linux kernel vulnerability CVE-2017-9076

Linux kernel vulnerability CVE-2017-9076 Security Advisory Security Advisory Description The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles ...
F5 Networks

Linux kernel vulnerability CVE-2018-20784

Linux kernel vulnerability CVE-2018-20784 Security Advisory Security Advisory Description In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to ...
F5 Networks

BIG-IP Configuration utility vulnerability CVE-2019-6599

BIG-IP Configuration utility vulnerability CVE-2019-6599 Security Advisory Security Advisory Description Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may ...
F5 Networks

BIG-IP APM DTLS vulnerability CVE-2019-6596

BIG-IP APM DTLS vulnerability CVE-2019-6596 Security Advisory Security Advisory Description When processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually ...
F5 Networks

F5 BIG-IP AAM security vulnerability CVE-2019-6601

F5 BIG-IP AAM security vulnerability CVE-2019-6601 Security Advisory Security Advisory Description The BIG-IP AAM wamd process used in the processing of images and PDFs fails to drop group ...
F5 Networks

BIG-IP Configuration utility vulnerability CVE-2019-6598

BIG-IP Configuration utility vulnerability CVE-2019-6598 Security Advisory Security Advisory Description Malformed requests to the Traffic Management User Interface (TMUI), also referred to as the ...
F5 Networks

BIG-IP Configuration utility vulnerability CVE-2019-6597

BIG-IP Configuration utility vulnerability CVE-2019-6597 Security Advisory Security Advisory Description When authenticated administrative users run commands in the Traffic Management User ...
F5 Networks

BIG-IP Configuration utility vulnerability CVE-2019-6600

BIG-IP Configuration utility vulnerability CVE-2019-6600 Security Advisory Security Advisory Description When remote authentication is enabled for administrative users and all external users are ...
F5 Networks

glibc vulnerability CVE-2016-10739

glibc vulnerability CVE-2016-10739 Security Advisory Security Advisory Description In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a ...
F5 Networks

QEMU vulnerability CVE-2015-4037

QEMU vulnerability CVE-2015-4037 Security Advisory Security Advisory Description The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, ...
F5 Networks

APT remote code injection vulnerability CVE-2019-3462

APT remote code injection vulnerability CVE-2019-3462 Security Advisory Security Advisory Description Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 ...
F5 Networks

BIND vulnerability CVE-2018-5744

BIND vulnerability CVE-2018-5744 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a ...
F5 Networks

Kernel vulnerability CVE-2016-8106

Kernel vulnerability CVE-2016-8106 Security Advisory Security Advisory Description A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 ...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.