Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Storwize V7000 Unified (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296)

Summary A fix is available for IBM Storwize V7000 Unified, for the security vulnerabilities in Network Time Protocol NTP being used. Vulnerability Details Network Time Protocol NTP is used in IBM Storwize V7000 Unified for synchronizing time. CVEID: CVE-2014-9293 DESCRIPTION: Network Time Protoco...

Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities

Summary The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. IBM Security Access Manager for Mobile uses NTP and is affected by multiple NTP vulnerabilities. Vulnerability Details CVEID: CVE-2014-9297 DESCRIPTION: Network Time Protocol NTP...

Security Bulletin: privilege escalation in IBM Business Process Manager (BPM) - CVE-2017-1539

Summary Synchronization between the user registry and the IBM BPM database lead to invalid memberships in case there is an internal group in the IBM BPM database and a group in the user registry with the same name. Vulnerability Details CVEID: CVE-2017-1539 DESCRIPTION: IBM Business Process Manag...

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

Important: kernel

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code...

CVE-2018-1120

A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...

Citrix License Server system clocks is not synchronized with the Delivery Controller

If the system clock time difference between Delivery Controller and License Server is is greater than maximum allowed 5 minutes, License Server might not work properly...

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

PCI Scan Accuracy cannot be verified through Load Balancer with non-identically configured or non-synced systems

The remote has is behind a load balancer either with a non-identical configurations to its peers, or is not synced with its peers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid109582; scriptversion"1.2"; scriptcvsdate"Date: 2019/04/04 10:19:47";...

CVE-2018-5512

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload LRO and SYN cookies are enabled default settings, undisclosed traffic patterns may cause TMM to restart...

Denial of Service Vulnerability in Multiple F5 Products (CNVD-2018-10113)

F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products. When Large Receive Offload and SYN cookies are turned on, an attacker can exploit the...

[SECURITY] Fedora 27 Update: ntp-4.2.8p11-1.fc27

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

[SECURITY] Fedora 26 Update: ntp-4.2.8p11-1.fc26

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

Important: java-1.7.0-openjdk

Issue Overview: DerValue unbounded memory allocation: It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive...

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java...

The vulnerability of the Linux operating system’s TCP stack allows a hacker to induce a service failure.

The vulnerability of the Linux operating system’s TCP stack exists due to errors in the SYN cookie mechanism. Exploiting this vulnerability allows a remote attacker to cause a service failure resulting in increased computational resources usage through the use of specially crafted SYN packets...

FreeBSD-SA-18:02.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:02.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2018-03-07 Credits: Network Time...

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

Microsoft Teams help & learning

None Microsoft Teams help & learning Meetings Chat Notifications & settings Teams & channels Calls & devices Files Troubleshoot New to Microsoft Teams? Learn all about Teams' essential features here.MeetingsChatNotificationsTeamsChannelsCalls Meet Microsoft 365 Copilot Copilot works alongside you...

Cisco Prime Network Denial of Service Vulnerability

Cisco Prime Network is the United States Cisco Cisco company's set of network administrators for network usage, operational status and other management and configuration and fault management network analysis software. A denial of service vulnerability exists in the TCP throttling process in Cisco...