F5 SSL Intercept iApp version 1.5.0 – 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
Monthly Archives: April 2017
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
CVE-2017-6130
F5 SSL Intercept iApp 1.5.0 – 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus SNAT Auto Map option for egress traffic.
python-django-1.9.13-1.fc25
update to 1.9.13, fix for CVE-2017-7233
mupdf-1.10a-5.fc25
Fix stack consumption CVE-2016-10221 (#1439643)
Sathurbot: Distributed WordPress password attack
This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.
The post Sathurbot: Distributed WordPress password attack appeared first on WeLiveSecurity
python-django-1.10.7-1.fc26
fix CVE-2017-7233
tnef-1.4.14-1.el7
Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix.
tnef-1.4.14-1.el6
Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix.
tnef-1.4.14-1.fc25
Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix.