iControl REST CSRF vulnerability CVE-2020-5922

Security Advisory. Description: iControl REST does not implement cross-site request forgery (CSRF) protections for users applying ... More info: https://support.f5.com/csp/article/K20606443?utm_source=f5support&utm_medium=RSS

BIG-IP VIPRION MCPD vulnerability CVE-2020-5921

Security Advisory. Description: SYN flood causes a large number of MCPD context messages destined to secondary blades consuming ... More info: https://support.f5.com/csp/article/K00103216?utm_source=f5support&utm_medium=RSS

TMM SCTP vulnerability CVE-2020-5918

Security Advisory. Description: The Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission ... More info: https://support.f5.com/csp/article/K26464312?utm_source=f5support&utm_medium=RSS

BIG-IP self IP vulnerability CVE-2020-5923

Security Advisory. Description: Self-IP port-lockdown bypass by way of IPv6 link-local addresses. (CVE-2020-5923) Impact: Port lockdowns ... More info: https://support.f5.com/csp/article/K05975972?utm_source=f5support&utm_medium=RSS

BIG-IP SIP ALG profile vulnerability CVE-2020-5926

Security Advisory. Description: A BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP ... More info: https://support.f5.com/csp/article/K42830212?utm_source=f5support&utm_medium=RSS

F5 SSH server key size vulnerability CVE-2020-5917

Security Advisory. Description: The BIG-IP and BIG-IQ host OpenSSH servers use keys less than 2048 bits that are no longer ... More info: https://support.f5.com/csp/article/K43404629?utm_source=f5support&utm_medium=RSS

cURL and libcurl vulnerability CVE-2016-8619

Security Advisory. Description: The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double ... More info: https://support.f5.com/csp/article/K46123931?utm_source=f5support&utm_medium=RSS

BIND vulnerability CVE-2020-8623

Security Advisory. Description: If BIND is built with "--enable-native-pkcs11" then a specially crafted query for a zone signed with RSA can ... More info: https://support.f5.com/csp/article/K82252291?utm_source=f5support&utm_medium=RSS

BIND vulnerability CVE-2020-8624

Security Advisory. Description: Change 4885 inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type " ... More info: https://support.f5.com/csp/article/K91090139?utm_source=f5support&utm_medium=RSS

High-Severity Vulnerability Patched in Advanced Access Manager

On August 13, 2020, the Wordfence Threat Intelligence team finished investigating two vulnerabilities in Advanced Access Manager, a WordPress plugin with over 100,000 installations, including a high-severity Authorization Bypass vulnerability that could lead to privilege escalation and site takeover. We reached out to the plugin’s author the next day, on August 14, 2020, and received […] More info: https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/