Tuesday, March 2, 2021
F5 Networks

OpenSSL vulnerability CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to ...
F5 Networks

OpenSSL vulnerability CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ...
F5 Networks

OpenSSL vulnerability CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on ...
F5 Networks

Linux NFS kernel vulnerability CVE-2020-25212

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local ...
F5 Networks

Intel Ethernet Adapter Driver vulnerabilities CVE-2020-24502, CVE-2020-24503 and CVE-2020-24504

CVE-2020-24502: Improper input validation in some ...
F5 Networks

NTP vulnerabilities CVE-2020-13817

The ntpd in the network time protocol (NTP) before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers ...
F5 Networks

BIG-IP APM CTU vulnerability CVE-2021-22980

An untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for ...
F5 Networks

The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

This issue occurs when all of the following ...
F5 Networks

F5 SSL Orchestrator may fail to stop an attacker from exfiltrating data on a compromised client system (SNIcat)

An attacker may be able to ...
F5 Networks

BIG-IQ system interface vulnerability CVE-2020-5944

Accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns ...
F5 Networks

Excess resource consumption due to low MSS values vulnerability CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard- ...
F5 Networks

iControl REST and tmsh vulnerability CVE-2019-6621

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, ...
F5 Networks

NodeJS vulnerability CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the ...
F5 Networks

OpenSSH vulnerability CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2783

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2799

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP).
F5 Networks

OpenSSL vulnerability CVE-2017-3735

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread.
F5 Networks

cURL vulnerability CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient ...

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.

Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific...
IBM Security

‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving

The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...

Microsoft's Dream of Decentralized IDs Enters the Real World

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.

Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features

Microsoft Teams has just issued a massive blow to Zoom with the launch of multiple new security features, including the game-changing security feature it was previously lacking.