Friday, June 5, 2020
F5 Networks

jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531

CVE-2019-16943: A Polymorphic Typing issue was discovered in FasterXML jackson- ...
F5 Networks

Unbound DNS Cache vulnerabilities CVE-2020-12662 and CVE-2020-12663

CVE-2020-12662: Unbound before 1.10.1 has Insufficient Control of Network Message ...
F5 Networks

Linux kernel vulnerability CVE-2020-11565

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c ...
F5 Networks

The BIG-IP AFM ACL and IPI features may not function as designed

This issue occurs when all of the following conditions are met: You have ...
F5 Networks

Apache Traffic Server vulnerability CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0 ...
F5 Networks

NTP vulnerability CVE-2020-11868

The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block ...
F5 Networks

BIND vulnerability CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed ...
F5 Networks

BIND vulnerability CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state ...
F5 Networks

Apache Tomcat vulnerability CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to ...
F5 Networks

OpenSSH vulnerability CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server ...
F5 Networks

OpenSSH vulnerability CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or ...
F5 Networks

OpenSSH vulnerability CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via ...
F5 Networks

Linux kernel vulnerability CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3 ...
F5 Networks

Linux kernel vulnerability CVE-2019-19059

Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi ...
F5 Networks

Xilinx Starbleed FPGA vulnerability

Design Advisory for 7 Series/Virtex-6 FPGAs: Defeating Bitstream Encryption (AR# 73541) Impact There is no ...
F5 Networks

jackson-mapper-asl vulnerability CVE-2019-10172

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity ...
F5 Networks

Rowhammer hardware vulnerability CVE-2020-10255

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of ...
F5 Networks

BIG-IP network failover vulnerability CVE-2020-5860

In a High Availability (HA) network failover in Device Service Cluster (DSC), the failover ...
F5 Networks

Linux kernel vulnerability CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode ...
F5 Networks

lodash library vulnerability CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep ...
The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.