Day: 21 diciembre, 2019

Project: Drupal coreVersion: 8.8.x-dev8.7.x-dev7.x-devDate: 2019-December-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Multiple vulnerabilitiesDescription: The Drupal project uses the third-party library Archive_Tar, which has released a security-related feature that impacts some Drupal configurations.Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.The More info: https://www.drupal.org/sa-core-2019-012

F5 iRules vulnerability CVE-2019-6685 Security Advisory Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, ... More info: https://support.f5.com/csp/article/K30215839?utm_source=f5support&utm_medium=RSS

BIG-IP TMM vulnerability CVE-2019-6678 Security Advisory Security Advisory Description The Traffic Management Microkernel (TMM) process may restart when the packet filter feature is enabled. (CVE- ... More info: https://support.f5.com/csp/article/K04897373?utm_source=f5support&utm_medium=RSS

BIG-IP TMM vulnerability CVE-2019-6683 Security Advisory Security Advisory Description BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow ... More info: https://support.f5.com/csp/article/K76328112?utm_source=f5support&utm_medium=RSS

BIG-IP vulnerability CVE-2019-6688 Security Advisory Security Advisory Description A user can obtain the secret used to encrypt a BIG-IP UCS backup file while sending an SNMP query to the BIG-IP ... More info: https://support.f5.com/csp/article/K25607522?utm_source=f5support&utm_medium=RSS

TMM vulnerability CVE-2019-6677 Security Advisory Security Advisory Description Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processing ... More info: https://support.f5.com/csp/article/K06747393?utm_source=f5support&utm_medium=RSS

BIG-IP APM logging disclosure vulnerability CVE-2019-19150 Security Advisory Security Advisory Description The BIG-IP APM system logs the client-session-id when a per-session policy is attached to ... More info: https://support.f5.com/csp/article/K37890841?utm_source=f5support&utm_medium=RSS

TMM FastL4 vulnerability CVE-2019-6680 Security Advisory Security Advisory Description While processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), ... More info: https://support.f5.com/csp/article/K53183580?utm_source=f5support&utm_medium=RSS

TMM vulnerability CVE-2019-6676 Security Advisory Security Advisory Description Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors ... More info: https://support.f5.com/csp/article/K92002212?utm_source=f5support&utm_medium=RSS

MFC vulnerability CVE-2019-6681 Security Advisory Security Advisory Description Memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. (CVE-2019-6681) Impact A BIG-IP system ... More info: https://support.f5.com/csp/article/K93417064?utm_source=f5support&utm_medium=RSS