Issues
Vulnerabilities in DHCP Client and NTP Affect F5 Products
Wednesday, 21 March 2018 11:00

K08306700: DHCP client vulnerability (CVE-2018-5732)
An out-of-bounds memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. An attacker can cause a denial of service (DoS) of DHCP functionality on the F5 product management interface. No upgrade was available at the time of this entry.

K82570157: NTP vulnerability (CVE-2018-7170)
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. An attacker can make adjustments to the system time of the F5 product, disrupting time-sensitive functionality of the F5 product. Only F5 products configured to use symmetric key authentication when synchronizing time with an NTP server are vulnerable. No upgrade was available at the time of this entry.

 
Apache Solr Zero-Day Vulnerability
Tuesday, 17 October 2017 12:00

A vulnerability was reported in Apache Solr. No security update was available at the time of this entry. It is advised that users follow the mitigations provided in the report.

 
Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability
Tuesday, 10 October 2017 12:00

A vulnerability was reported in Microsoft Windows when processing WAV audio files. Attackers may be able to cause a denial of service condition through a specially crafted webpage or file. No solution was available at the time of this entry. The only salient mitigation strategy is to restrict interaction with the application to trusted files.

 
iOS Devices Transmit Exchange Server Credentials Without Any Encryption
Monday, 18 September 2017 12:00

A vulnerability has been found in iOS. An attacker may be able to perform a man-in-the-middle attack and obtain user credentials.
No update was available at the time of this entry. Until an update is released, users can temporarily block port 80 on the firewall to prevent the Exchange client on iOS from sending their credentials in clear text.

 
Dlink 850L and MyDlink Cloud Protocol Multiple Vulnerabilities
Tuesday, 12 September 2017 12:00

Multiple vulnerabilities have been found in Dlink 850L and MyDlink Cloud Protocol. Attackers may be able to forge firmware images, conduct XSS attacks, and obtain the admin password. No solution was available at the time of this entry.

 