Linux kernel vulnerabilities CVE-2019-14815, CVE-2019-14895, CVE-2019-14901, CVE-2019-19055. Security Advisory. Description: CVE-2019-14815 A vulnerability was found in Linux Kernel ...
More info:
https://support.f5.com/csp/article/K54811521?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2017-1000364. Security Advisory. Description: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page ...
More info:
https://support.f5.com/csp/article/K51931024?utm_source=f5support&utm_medium=RSS
Apache vulnerability CVE-2016-8743. Security Advisory. Description: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from ...
More info:
https://support.f5.com/csp/article/K00373024?utm_source=f5support&utm_medium=RSS
PHP vulnerability CVE-2019-9020. Security Advisory. Description: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1.
More info:
https://support.f5.com/csp/article/K37681312?utm_source=f5support&utm_medium=RSS
Linux kernel SCTP vulnerability CVE-2015-5283. Security Advisory. Description: The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect ...
More info:
https://support.f5.com/csp/article/K37510383?utm_source=f5support&utm_medium=RSS
BIG-IP Edge Client for macOS vulnerability CVE-2019-6668. Security Advisory. Description: BIG-IP Edge Client for macOS may allow unprivileged users to access files owned by the root ...
More info:
https://support.f5.com/csp/article/K49827114?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. Users viewing the grade history report without the access all groups capability were not restricted to viewing grades of users within their own groups.
Severity/Risk: Minor
Versions affected: 3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versions
Versions fixed: 3.8.2, 3.7.5, 3.6.9 and 3.5.11
Reported by: Tim Hunt
CVE identifier: CVE-2020-1754
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=398350&parent=1606854
Apache Tomcat 6.x vulnerability CVE-2015-5174. Security Advisory. Description: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7 ...
More info:
https://support.f5.com/csp/article/K30971148?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the user's IP.
Severity/Risk: Serious
Versions
More info:
https://moodle.org/mod/forum/discuss.php?d=398351&parent=1606855