
InfoSec News


Hacker

Citrix patches 11 critical bugs

July 8, 2020 By William Knowles


By William Knowles @c4i
Senior Editor
InfoSec News
July 8, 2020

In a breath of fresh air for this week, software vendor Citrix released patches for 11 vulnerabilities, quickly applying the lesson learned six months ago and not wanting a repeat with malicious hackers looking for ways to exploit the vulnerability.

Citrix Chief Information Security Officer Fermin J. Serna released a bulletin on Tuesday, July 7, which covered a set of vulnerabilities in Citrix’s products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP edition. Standard procedure for most software companies in advising customers of vulnerabilities is limited to the publication of the bulletin and related CVEs.

Serna took the opportunity to explain the following points as it relates to CTX276688.

  • The latest patches fully resolve all the issues.
  • Of the 11 vulnerabilities, there are six possible attack routes; five of those have barriers to exploitation.
  • We are not aware of any exploitation of these issues.
  • Citrix-managed Gateway service is not affected.
  • And finally, these vulnerabilities are not related to CVE-2019-19781.

Barriers to Exploitation

There are barriers to many of these attacks; in particular, for customers where there is no untrustworthy traffic on the management network, the remaining risk reduces to a denial-of-service attack. And in that case, only when Gateway or authentication virtual servers are being used. Other virtual servers, for example, load balancing and content switching virtual servers, are not affected by the issue.

Three of the six possible attacks in CTX276688 occur in the management interface of a vulnerable device. Systems deployed in line with Citrix recommendations will already have this interface separated from the network and protected by a firewall. That configuration greatly diminishes the risk.

Further, while I am not discounting the risk of privilege escalation, two of the remaining three possible attacks additionally require some form of existing access. That effectively means an external malicious actor would first need to gain unauthorized access to a vulnerable device to be able to conduct an attack.

While these barriers reduce the risk of these vulnerabilities, Citrix strongly recommends quick application of the supplied patches.

To help our customers and the industry understand these vulnerabilities, I have included a brief summary of the vulnerabilities, the affected products, and the attack vector in the table form below. The security bulletin and CVEs provide much greater detail and should be used for technical guidance.

CVE-2019-19781

There is no technical link between CVE-2019-19781 and CTX276688. Further, with CVE-2019-19781, we took the unusual step of publishing temporary mitigations in December, with subsequent permanent patches being available in January 2020. We took that step because of a high likelihood an exploit was “in the wild” and temporary mitigations gave our customers a chance to protect themselves. That is in stark contrast to the current situation: with the vulnerabilities in CTX276688, at the time of this publication, we know of no malicious exploits and have published patches that fully resolve the issues.

Citrix SD-WAN WANOP

Customers on Citrix SD-WAN WANOP should also pay heed to the advisory just released as ADC is a component within the SD-WAN WANOP deployment. Fixes are available at https://www.citrix.com/downloads/citrix-sd-wan/

Protecting Our Customers

We are limiting the public disclosure of many of the technical details of the vulnerabilities and the patches to further protect our customers. Across the industry, today’s sophisticated malicious actors are using the details and patches to reverse engineer exploits. As such, we are taking steps to advise and help our customers but also do what we can to shield intelligence from malicious actors.

Related, we have added staff to our technical support call centers and are prepared to assist our customers. We’ve built and tested our patches to high standards, both to ensure effectiveness but also with the ease of implementation in mind.

Bottom line: patches are available, and we encourage our customers to apply them to reduce risk.

You can use Citrix ADM Service for simplified and bulk upgrade of all your Citrix ADC instances. Please refer to this documentation to learn more. Citrix ADM Service is a SaaS solution available on Citrix Cloud to help manage, monitor, analyze, and troubleshoot your global hybrid multi-cloud application delivery infrastructure from a single touchpoint. It helps with faster time to value and brings in operational efficiency. Here is a video to help get you onboarded to Citrix ADM Service. You can also view our documentation here.

Also of note, we remain committed to incorporating feedback from our customers and adapting our communication and customer support offerings as needed.

As noted in this blog, we recently updated our vulnerability processes, and we published those updates on the Citrix Trust Center website.  These updates include enhancements in our processes around international standard ISO/IEC 29147:2018; an opportunity to apply for pre-notification of security bulletins; and the Hall of Fame honoring those third parties that work collaboratively and responsibly with us to improve the security of our products.

| CVE ID | Vulnerability Type | Affected Products | Attacker Privileges | Pre-conditions |
|---|---|---|---|---|
| CVE-2019-18177 | Information disclosure | Citrix ADC, Citrix Gateway | Authenticated VPN user | Requires a configured SSL VPN endpoint |
| CVE-2020-8187 | Denial of service | Citrix ADC, Citrix Gateway 12.0 and 11.1 only | Unauthenticated remote user | Requires a configured SSL VPN or AAA endpoint |
| CVE-2020-8190 | Local elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit |
| CVE-2020-8191 | Reflected Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must open an attacker-controlled link in the browser while being on a network with connectivity to the NSIP |
| CVE-2020-8193 | Authorization bypass | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated user with access to the NSIP | Attacker must be able to access the NSIP |
| CVE-2020-8194 | Code Injection | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must download and execute a malicious binary from the NSIP |
| CVE-2020-8195 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | – |
| CVE-2020-8196 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | – |
| CVE-2020-8197 | Elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | – |
| CVE-2020-8198 | Stored Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must be logged in as an administrator (nsroot) on the NSIP |
| CVE-2020-8199 | Local elevation of privileges | Citrix Gateway Plug-in for Linux | Local user on the Linux computer running Citrix Gateway Plug-in | A pre-installed version of Citrix Gateway Plug-in for Linux must be running |


USCYBERCOM urgently recommends F5 customers to patch CVE-2020-5902 and 5903 NOW

July 6, 2020 By William Knowles


By William Knowles @c4i
Senior Editor
InfoSec News
July 6, 2020

Just in case you accidentally had your work phone and duty pager in a Faraday bag all July 4th holiday weekend long, you have one heckuva surprise waiting for you!

As F5 reminds everyone that 48 of Fortune 50 companies are F5 customers, F5 has published a security advisory warning its customers to patch a critical flaw in their BIG-IP product, and proof-of-concept attacks are already starting to show up on Twitter.

The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)

Impact

This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.

Security Advisory Status

F5 Product Development has assigned IDs 895525, 900757, 895981, and 895993 (BIG-IP) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning.

| Product | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score¹ | Vulnerable component or feature |
|---|---|---|---|---|---|---|
| BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) | 15.x | 15.1.0 | 15.1.0.4 | Critical | 10.0 | TMUI/Configuration utility |
| | | 15.0.0 | None | | | |
| | 14.x | 14.1.0 – 14.1.2 | 14.1.2.6 | | | |
| | 13.x | 13.1.0 – 13.1.3 | 13.1.3.4 | | | |
| | 12.x | 12.1.0 – 12.1.5 | 12.1.5.2 | | | |
| | 11.x | 11.6.1 – 11.6.5 | 11.6.5.2 | | | |
| BIG-IQ Centralized Management | 7.x | None | Not applicable | Not vulnerable | None | None |
| | 6.x | None | Not applicable | | | |
| | 5.x | None | Not applicable | | | |
| Traffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None |

¹ The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability. If you are leveraging public cloud marketplaces (AWS, Azure, GCP, and Alibaba) to deploy BIG-IP Virtual Edition (VE), F5 recommends upgrading to the latest releases of BIG-IP versions listed in the Fixes introduced in column subject to their availability on those marketplaces. If it is not possible to upgrade at this time, you can use the following sections as temporary mitigations:

  • All network interfaces
  • Self IPs
  • Management interface

All network interfaces

To eliminate the ability for unauthenticated attackers to exploit this vulnerability, add a LocationMatch configuration element to httpd. To do so, perform the following procedure:

Note: Authenticated users will still be able to exploit the vulnerability, independent of their privilege level.

Impact of workaround: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the TMOS Shell (tmsh) by entering the following command:

         tmsh

  2. Edit the httpd properties by entering the following command:

         edit /sys httpd all-properties

  3. Locate the include section and add the following:

         include '
         <LocationMatch ".*\.\.;.*">
         Redirect 404 /
         </LocationMatch>
         '

  4. Write and save the changes to the configuration file by entering the following commands:

         Esc
         :wq!

  5. Save the configuration by entering the following command:

         save /sys config

  6. Restart the httpd service by entering the following command:

         restart sys service httpd
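
A log check built on the same expression, as an added example that is not part of the F5 advisory or of the original post: it scans httpd access-log lines for request paths the LocationMatch rule would match and separates requests that were answered from those that returned 404. The log lines are constructed, the Apache common log layout is an assumption about how the log is written, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The expression from the workaround's <LocationMatch>: any path containing "..;".
MITIGATION_PATTERN = re.compile(r".*\.\.;.*", re.DOTALL)

# Assumed layout (Apache common log format prefix):
# host ident user [time] "METHOD target PROTOCOL" status bytes
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample input: documentation addresses and placeholder paths.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jul/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [05/Jul/2020:10:02:13 +0000] "GET /app/..;/page-a HTTP/1.1" 200 1834
198.51.100.7 - - [05/Jul/2020:10:02:15 +0000] "POST /app/%2e%2e%3b/page-b HTTP/1.1" 200 77
203.0.113.5 - - [06/Jul/2020:08:30:00 +0000] "GET /app/..;/page-a HTTP/1.1" 404 209
192.0.2.10 - - [06/Jul/2020:08:31:00 +0000] "GET /search?q=..; HTTP/1.1" 200 90
this line is not an access-log entry
""".splitlines()


def path_matches_mitigation(target):
    """True if the request path (query string excluded) contains '..;'."""
    path = target.split("?", 1)[0]
    # The log records the request line as sent, so decode %xx before matching.
    return MITIGATION_PATTERN.search(unquote(path)) is not None


def scan(lines):
    """Return one record per parsable line whose path the rule would match."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if m is None or not path_matches_mitigation(m["target"]):
            continue
        status = int(m["status"])
        hits.append({
            "line": lineno,
            "src": m["src"],
            "time": m["time"],
            "method": m["method"],
            "target": m["target"],
            "status": status,
            # 404 is consistent with the workaround being in place; any other
            # status means the request was answered and needs review.
            "outcome": "blocked" if status == 404 else "served",
        })
    return hits


def summarize(hits):
    """Count served and blocked matches per source address."""
    counts = defaultdict(lambda: {"served": 0, "blocked": 0})
    for hit in hits:
        counts[hit["src"]][hit["outcome"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(f'line {hit["line"]}: {hit["src"]} {hit["method"]} '
              f'{hit["target"]} -> {hit["status"]} ({hit["outcome"]})')
    for src, c in summarize(found).items():
        print(f'{src}: served={c["served"]} blocked={c["blocked"]}')
```

Matches logged before the workaround was applied with a status other than 404 are the ones to prioritise for review, since the advisory states that unauthenticated requests could reach the vulnerable pages until the rule or a fixed release is in place.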

Self IPs

Block all access to the TMUI of your BIG-IP system via Self IPs. To do so, you can change the Port Lockdown setting to Allow None for each Self IP in the system. If you must open any ports, you should use Allow Custom, taking care to disallow access to TMUI. By default, TMUI listens on TCP port 443; however, beginning in BIG-IP 13.0.0, Single-NIC BIG-IP VE deployments use TCP port 8443. Alternatively, a custom port may be configured.

Note: This prevents all access to the TMUI/Configuration utility via the Self IP. These changes may also impact other services.

Before making changes to the configuration of your Self IPs, refer to the following:

  • K17333: Overview of port lockdown behavior (12.x – 15.x)
  • K13092: Overview of securing access to the BIG-IP system
  • K31003634: The Configuration utility of the Single-NIC BIG-IP Virtual Edition now defaults to TCP port 8443
  • K51358480: The single-NIC BIG-IP VE may erroneously revert to the default management httpd port after a configuration reload

Management interface

To mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network. For more information about securing access to BIG-IP systems, refer to K13309: Restricting access to the Configuration utility by source IP address (11.x – 15.x) and K13092: Overview of securing access to the BIG-IP system.

Note: Authenticated users accessing TMUI will always be able to exploit this vulnerability until a fixed release is installed.

Acknowledgements

F5 would like to acknowledge Mikhail Klyuchnikov of Positive Technologies for bringing this issue to our attention and for following the highest standards of coordinated disclosure.

Supplemental Information

  • K41942608: Overview of Security Advisory articles
  • K4602: Overview of the F5 security vulnerability response policy
  • K4918: Overview of the F5 critical issue hotfix policy
  • K9502: BIG-IP hotfix and point release matrix
  • K13123: Managing BIG-IP product hotfixes (11.x – 15.x)
  • K167: Downloading software and firmware from F5
  • K9970: Subscribing to email notifications regarding F5 products
  • K9957: Creating a custom RSS feed to view new and updated documents
  • K46122561: Restricting access to the management port using network firewall rules

 


Cyber criminals cook up another data breach of 8 million Home Chef customers

May 21, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 21, 2020

Just as Chicago can’t go a whole week without a gang-related shooting, there’s another data breach in the news. Sadly, this data breach happened down the road from InfoSec News’ office in Chicago, Illinois.

In a security alert posted on Home Chef’s website on Wednesday, May 20th, the Chicago-based, Kroger-owned meal company said it had learned of a data breach in which the following was stolen: email address, name and phone number, and encrypted passwords. The last four digits of credit card numbers and other account information such as frequency of deliveries and mailing address may also have been compromised in the data breach.

Home Chef reports that it does not store complete credit or debit card information and says, “Protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information.”

The Home Chef data breach statement continues “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”

In early May 2020, BleepingComputer reported that a hacking group known as Shiny Hunters was selling over 70 million user records from eleven different companies on a dark web hacking marketplace, including eight million records for Home Chef. The asking price for Home Chef’s list was a mere $2,500.00.

While the Home Chef passwords were encrypted, Home Chef recommends that its users change their passwords out of an abundance of caution. InfoSec News recommends that all users seriously consider purchasing and using a password manager like KeePass, LastPass or 1Password to both create and safely store long, complex, hard-to-crack passwords.

Home Chef was founded in the summer of 2013 by Pat Vihtelic (Now Home Chef’s CEO) who taught himself to code, built a website, and quit his job as an investment banker. Last year, Home Chef delivered over 10 million meals and expanded its delivery to cover more than 97% of the U.S. population.

In May 2018, Cincinnati-based Kroger (NYSE: KR), the nation’s largest operator of traditional supermarkets, agreed to buy Chicago-based Home Chef in a deal worth as much as $700 million.


DEF CON 28 in-person conference is CANCELLED

May 8, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 8, 2020

(Via Jeff Moss / The Dark Tangent)

Why? It is not safe for people to gather in large groups for conferences, sports ball events, or clubbing now or in the foreseeable future this year.

To commemorate this (hopefully) once in a lifetime event we, of course, made shirts.

When I wrote my DEF CON vs. COVID-19 blog post March 12th 2020 I was optimistic that social distancing, sheltering, a robust medical response with wide-scale testing would make it safe to gather in early August. I no longer believe that.

Even if a vaccine were to be discovered tomorrow it would not be soon enough to test, manufacture, distribute, and administer in time for people to safely travel by August.

Too many States have stayed open or are re-opening, people partied for far too long, and the lack of Federal coordination gives me no hope that things will get back to normal this year. I also worry that the conferences that postponed to later this year will be caught up in the “second wave” after restrictions start to ease and they will end up having to cancel. Because of this, postponing for DEF CON was not an option.

The theme for DEF CON 28 is “Discovery,” and 2020 has not disappointed.

While I made the decision to cancel the in-person conference almost a month ago on April 11th, the delay in announcing has been due to learning how to actually cancel. It has taken weeks of working with staff, lawyers, accountants, and Caesars. I didn’t want to endanger the future of the con by tweeting that we were canceling before we understood and were confident we could navigate the process.

Even though our in-person Las Vegas event is canceled, we will run DEF CON 28 Safe Mode August 7-9 (Friday through Sunday) with 101 orientation Thursday – all of it remote. We will use the DEF CON Forums to coordinate all the various ways for you to participate. That is where everyone can announce their plans, do signups, post pictures and videos, and get people involved.

Then on August 6th, we will open the DEF CON discord.io/dc server up for everyone to join and start their con experience!

Expect events like a new on-line Mystery Challenge, a DEF CON is Canceled music album, remote CTFs like Hack-a-Sat, Villages like the Packet Hacking Village, contests like the TeleChallenge, Ham Exams, and more. We are also planning a remote movie night and drink-up.

There are too many different platforms for “one size fits all” so instead of us picking a winner we will act as the coordinator pointing everyone where to go with a planning calendar, links, descriptions, and music.

The good news is DEF CON will survive, and DEF CON 29 is planned for August 5-8 2021, you can reserve your rooms now.

On a personal level this has been the most stressful few months I can remember, between being on home lock-down and having to navigate the future of DEF CON it has felt like there were land mines all around me and the lights were turned off. While cancellation negotiations are still ongoing I’ve been lucky that the DEF CON Goons and community writ large have been amazing, helping me to navigate in a safe direction. I am proud that over the years we have all gotten better at self-care and supporting each other outside of Con and I can’t wait to see everyone when it is less chaotic and uncertain. Hackers do like security.

Thank you for your support and understanding,

The Dark Tangent


Leading privacy and cybersecurity law firm investigates Tandem Diabetes Care data breach

April 20, 2020 By William Knowles


By William Knowles @c4i
Senior Editor
InfoSec News
April 20, 2020

It’s almost cliché at this point.

We take the privacy and confidentiality of our customers’ information very seriously and apologize for any inconvenience or concern this incident may cause our customers.

With the next sentence…

Tandem Diabetes Care, Inc. (“Tandem”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice is to inform our customers of a recent phishing incident that may have involved some customer information.

Some customer information is “reputational risk management code” for only 140,781 customers.

We are continuing to invest heavily in cyber security and data protection safeguards. We are also implementing additional email security controls, strengthening our user authorization and authentication processes, and limiting the types of data permitted to be transferred via email.

On January 17, 2020, Tandem Diabetes Care learned that an unauthorized person gained access to a Tandem employee’s email account through a security incident commonly known as “phishing.”

Once we learned about the incident, we immediately secured the account and a cyber security firm was engaged to assist in our investigation. Our investigation determined that a limited number of Tandem employee email accounts may have been accessed by an unauthorized user between January 17, 2020 and January 20, 2020.

Through the investigation, Tandem Diabetes Care learned that some customers’ information may have been contained in one or more of the Tandem email accounts affected by the incident. The affected email accounts may have contained customer names, contact information, information related to those customers’ use of Tandem’s products or services, clinical data regarding their diabetes therapy, and in a few limited instances, Social Security numbers.

On LinkedIn, Tandem Diabetes Care lists some 935 employees but only three security people (understandably, some of the security team might have temporarily pulled their profiles offline). Tandem is currently looking for a Security Analyst II and a VP, Information Technology, but neither of the job descriptions mentions knowing how to perform phishing exercises.

While you would think all this bad news would be terrible for Tandem Diabetes Care’s stock price, guess again: when the data breach was submitted to the U.S. Department of Health and Human Services on March 13, 2020, TNDM – Tandem Diabetes Care, Inc. closed at $46.55 a share, and it closed on April 18, 2020 at $72.94 a share.

So it should come as no surprise that Stueve Siegel Hanson LLP, a small Kansas City law firm known for its eight-figure legal outcomes, would explore legal options for this data breach.

KANSAS CITY, Mo., April 1, 2020 /PRNewswire-PRWeb/ — Stueve Siegel Hanson LLP, a national leader in privacy and cybersecurity litigation, is investigating the data breach at Tandem Diabetes Care, Inc. that compromised the sensitive personal information of 140,000 patients, the firm announced today.

On January 17, Tandem discovered its email system had been hacked through a “phishing” scheme. An internal investigation showed several employee email accounts were compromised for three days between January 17 and January 20. The compromised information included names, email addresses, contact information, Social Security numbers and a range of patient data, including details related to customers’ use of Tandem products or services, and clinical data about diabetes therapy.

Tandem announced the data breach on March 16 and said it would notify affected customers. Individuals who receive these notifications can contact Stueve Siegel Hanson at 816.714.7105 or online to discuss their legal options.

Recognized by Law360 as “Cybersecurity & Privacy Group of the Year,” Stueve Siegel Hanson has prosecuted cases involving the largest data breaches in U.S. history, securing billions of dollars for affected customers. In 2019, the firm’s work included:

  • Securing final approval of a $1.5 billion settlement with Equifax in a nationwide class action resulting from its massive 2017 data breach;
  • Obtaining a $3.25 million settlement in a class action by optometrists following a data breach at the national testing organization for new eye doctors;
  • Serving as co-lead counsel against Capital One following a data breach affecting 106 million credit applicants; and
  • Pursuing a consumer lawsuit accusing Facebook of tracking users’ location information even after they opt-out of Location History features.
