Security Advisories

  • User Documentation

Security Advisories

  • Security Advisory RSS

    Security Advisory RSSSecurity RSS link

    Report a Vulnerability

    If you have information about a security issue or vulnerability with a Silver Peak product or technology, please send an e-mail to sirt@silver-peak.com. Encrypt sensitive information using our PGP public key
    Please provide as much information as possible, including:
    • The products and versions affected

    • Detailed description of the vulnerability

    • Information on known exploits

    A member of the Silver Peak Product Security Team will review your e-mail and contact you to collaborate on resolving the issue.

    Contact Support

    North America (USA/CAN)

    T: +1 877 210 7325

    Australia

    T: 1800 859 651

    France

    T: 0800-913757

    Hong Kong

    T: 800-901193

    India

    T: 000-800-9190024

    United Kingdom

    T: 0-8000969372

    Global

    T: +1 408 935 1850

    • Authentication bypass in server mode-CVE-2018-10933

      Published by libssh on October 19, 2018

    • L1 Terminal Fault - INTEL-SA-00161

      Published by Intel on August 14, 2018

    • The Dangers of Key Reuse: Practical Attacks on IPsec IKE

      Published at the Usenix Symposium on August 15, 2018

    • Meltdown and Spectre Vulnerabilities

      VU#584653 originally published by CERT on January 3, 2018

    • Return of Bleichenbacher's Oracle Threat (ROBOT Attack) -- A TLS Vulnerability

      VU#144389 originally published by CERT on December 12, 2017

    • Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update, Escalation of Privilege

      INTEL-SA-00086 published by Intel on November 20, 2017

       

    • DOS Security Vulnerability, Published by node.js on October 24, 2017

      CVE-2017-14919

    • INTEL-SA-00075, CVE-2017-5689 published by Intel on May 1, 2017
    • Dirty COW Vulnerability, Published by dirtycow.ninja on October 21, 2016

      CVE-2016-5195

    • OCSP Status Request extension unbounded memory growth, Published by OpenSSL on 9/22/2016

      CVE-2016-6304

      Paired with:

      CVE-2016-6309, Fix Use Free for large message sizes

    • Multiple OpenSSL Vulnerabilities

      CVE-2016-2108, CVE-2016-2107

    • Drown attack vulnerability, Published by NIST on 03/01/2016

      CVE-2016-0800

    • glibc getaddrinfo stack-based buffer overflow, Published by NIST on 02/18/2016

      CVE-2015-7547

    • RC4 algorithm vulnerability to ‘plain-text recovery’ attacks as used in TLS/SSL, Published by NIST on 03/15/2013

      CVE-2013-2566

    • RFC 5469 Compliance
    • Mass Assignment Vulnerability, Published by seclists.org on 09/09/2015
    • Unauthenticated File Read Vulnerability, Published by seclists.org on 09/09/2015
    • Command Injection Vulnerability, Published by seclists.org on 09/09/2015
    • Shell Upload Vulnerability, Published by seclists.org on 09/09/2015
    • Cross-Site Reflect Forgery (CSRF) Vulnerability through hardcoded account, Published by NIST on 07/28/2014

      CVE-2014-2974

    • Cross-Site Scripting (XSS) Vulnerability, Published by NIST on 07/28/14

      CVE-2014-2975

    • OpenSSH Keyboard-Interactive Authentication Brute Force Vulnerability, Published by NIST on 08-02-2015

      CVE-2015-5600

    • Logjam Vulnerability, Published by NIST on 05-20-2015

      CVE-2015-4000

    • GHOST Vulnerability, Published by NIST on 01-28-2015

      glibc:__nss_hostname_digits_dots() heap-based buffer overflow

      CVE-2015-0235

    • libpng Exploit Vulnerability, Published by NIST on 02-27-2014

      CVE-2014-0333

    • SSL 3.0 Vulnerability, a.k.a. "Poodle", Published by NIST on 10-16-2014

      CVE-2014-3566, CVE-2014-3568

    • GNU Bash Vulnerability, a.k.a. "Shellshock", Published by NIST on 09-24-2014

      CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187

    • Open SSL Vulnerability, a.k.a. "Heartbleed Bug", Published on 04-09-2014

      CVE-2014-0160

    • Multiple Open SSL Vulnerabilities, Published by OpenSSL.org on 10-15-2014

      CVE-2014-3513, CVE-2014-3567