OpenSSL vulnerability CVE-2021-23839
OpenSSL vulnerability CVE-2021-23839 Security Advisory Security Advisory Description OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to ...
OpenSSL vulnerability CVE-2021-23840
OpenSSL vulnerability CVE-2021-23840 Security Advisory Security Advisory Description Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ...
OpenSSL vulnerability CVE-2021-23841
OpenSSL vulnerability CVE-2021-23841 Security Advisory Security Advisory Description The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on ...
Linux NFS kernel vulnerablity CVE-2020-25212
Linux NFS kernel vulnerablity CVE-2020-25212 Security Advisory Security Advisory Description A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local ...
Intel Ethernet Adapter Driver vulnerabilities CVE-2020-24502, CVE-2020-24503 and CVE-2020-24504
Intel Ethernet Adapter Driver vulnerabilities CVE-2020-24502, CVE-2020-24503 and CVE-2020-24504 Security Advisory Security Advisory Description CVE-2020-24502 Improper input validation in some ...
NTP vulnerabilities CVE-2020-13817
NTP vulnerabilities CVE-2020-13817 Security Advisory Security Advisory Description The ntpd in the network time protocol (NTP) before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers ...
BIG-IP APM CTU vulnerability CVE-2021-22980
BIG-IP APM CTU vulnerability CVE-2021-22980 Security Advisory Security Advisory Description An untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for ...
The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it
The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it Security Advisory Security Advisory Description This issue occurs when all of the following ...
F5 SSL Orchestrator may fail to stop an attacker from exfiltrating data on a compromised client system (SNIcat)
F5 SSL Orchestrator may fail to stop an attacker from exfiltrating data on a compromised client system (SNIcat) Security Advisory Security Advisory Description An attacker may be able to ...
BIG-IQ system interface vulnerability CVE-2020-5944
BIG-IQ system interface vulnerability CVE-2020-5944 Security Advisory Security Advisory Description Accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns ...
Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 Security Advisory Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard- ...
iControl REST and tmsh vulnerability CVE-2019-6621
iControl REST and tmsh vulnerability CVE-2019-6621 Security Advisory Security Advisory Description On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, ...
NodeJS vulnerability CVE-2018-12120
NodeJS vulnerability CVE-2018-12120 Security Advisory Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the ...
OpenSSH vulnerability CVE-2016-10708
OpenSSH vulnerability CVE-2016-10708 Security Advisory Security Advisory Description sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and ...
Oracle Java SE vulnerability CVE-2018-2783
Oracle Java SE vulnerability CVE-2018-2783 Security Advisory Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
Oracle Java SE vulnerability CVE-2018-2815
Oracle Java SE vulnerability CVE-2018-2815 Security Advisory Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
Oracle Java SE vulnerability CVE-2018-2795
Oracle Java SE vulnerability CVE-2018-2795 Security Advisory Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: ...
Oracle Java SE vulnerability CVE-2018-2799
Oracle Java SE vulnerability CVE-2018-2799 Security Advisory Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP).
OpenSSL vulnerability CVE-2017-3735
OpenSSL vulnerability CVE-2017-3735 Security Advisory Security Advisory Description While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread.
cURL vulnerability CVE-2020-8286
cURL vulnerability CVE-2020-8286 Security Advisory Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient ...
Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.
Quarter of Healthcare Apps Contain High Severity Bugs
Quarter of Healthcare Apps Contain High Severity Bugs A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode.
The security vendor broke out sector-specific...
‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving
The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...
Microsoft's Dream of Decentralized IDs Enters the Real World
The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.
Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features
Microsoft Teams has just issued a massive blow to Zoom with the launch of multiple new security features, including the game-changing security feature it was previously lacking.
