Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication.
More info:
https://www.debian.org/security/2018/dsa-4322
libssh vulnerability CVE-2018-10933. Security Advisory. Security Advisory Description. A vulnerability was found in libsshs ...
More info:
https://support.f5.com/csp/article/K52868493
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15313. Security Advisory. Security Advisory Description. ...
More info:
https://support.f5.com/csp/article/K21042153
TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site that … The post "Encrypted SNI Comes to Firefox Nightly" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15314. Security Advisory. Security Advisory Description. ...
More info:
https://support.f5.com/csp/article/K04524282