Issues
Multiple Vulnerabilities in Wireshark Affect F5 BIG-IP Products
Tuesday, 27 March 2018 12:00

K34035645: Multiple Wireshark vulnerabilities
A remote attacker can transmit crafted packets while a BIG-IP administrator account runs the tshark utility with the affected protocol parsers via Advanced Shell (bash). This causes the tshark utility to stop responding and may allow remote code execution from the BIG-IP administrator account. No upgrade was available at the time of this entry. To mitigate this vulnerability, you can use the tshark utility to perform a traffic capture to a file instead of using the affected protocol parsers.

 
Vulnerabilities in DHCP Client and NTP Affect F5 Products
Wednesday, 21 March 2018 11:00

K08306700: DHCP client vulnerability (CVE-2018-5732)
An out-of-bounds memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. An attacker can cause a denial of service (DoS) of DHCP functionality on the F5 product management interface. No upgrade was available at the time of this entry.

K82570157: NTP vulnerability (CVE-2018-7170)
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. An attacker can make adjustments to the system time of the F5 product, disrupting time-sensitive functionality of the F5 product. Only F5 products configured to use symmetric key authentication when synchronizing time with an NTP server are vulnerable. No upgrade was available at the time of this entry.

 
Apache Solr Zero-Day Vulnerability
Tuesday, 17 October 2017 12:00

A vulnerability was reported in Apache Solr. No security update was available at the time of this entry. It is advised that users follow the mitigations provided in the report.

 
Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability
Tuesday, 10 October 2017 12:00

A vulnerability was reported in Microsoft Windows when processing WAV audio files. Attackers may be able to cause a denial of service condition through a specially crafted webpage or file. No solution was available at the time of this entry. The only salient mitigation strategy is to restrict interaction with the application to trusted files.

 
iOS Devices Transmit Exchange Server Credentials Without Any Encryption
Monday, 18 September 2017 12:00

A vulnerability has been found in iOS. An attacker may be able to perform a man-in-the-middle attack and obtain user credentials.
No update was available at the time of this entry. Until an update is released, users can temporarily block port 80 on the firewall to prevent the Exchange client on iOS from sending their credentials in clear text.

 