Intel AMT vulnerabilities CVE-2020-0537, CVE-2020-0538, and CVE-2020-0540 Security Advisory Security Advisory Description CVE-2020-0537 Improper input validation in subsystem for Intel(R) AMT ...
More info:
https://support.f5.com/csp/article/K29814751?utm_source=f5support&utm_medium=RSS
Intel CSME vulnerabilities CVE-2020-0541, CVE-2020-0542, CVE-2020-0545 Security Advisory Security Advisory Description CVE-2020-0541 Out-of-bounds write in subsystem for Intel(R) CSME versions ...
More info:
https://support.f5.com/csp/article/K12445504?utm_source=f5support&utm_medium=RSS
Intel AMT / ISM multiple vulnerabilities Security Advisory Security Advisory Description CVE-2020-0594 Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77 ...
More info:
https://support.f5.com/csp/article/K12265377?utm_source=f5support&utm_medium=RSS
Intel TXE / SPS vulnerabilities CVE-2020-0566, CVE-2020-0586 Security Advisory Security Advisory Description CVE-2020-0566 Improper Access Control in subsystem for Intel(R) TXE versions before 3. ...
More info:
https://support.f5.com/csp/article/K44691188?utm_source=f5support&utm_medium=RSS
BIND vulnerability CVE-2020-8618 Security Advisory Security Advisory Description An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally ...
More info:
https://support.f5.com/csp/article/K62210928?utm_source=f5support&utm_medium=RSS
Project: Drupal coreDate: 2020-June-17Security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryCVE IDs: CVE-2020-13663Description: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.Solution: If you are using Drupal 7.x, upgrade to Drupal 7.72.If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8.If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-004
Project: Drupal coreDate: 2020-June-17Security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryCVE IDs: CVE-2020-13663Description: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.Solution: If you are using Drupal 7.x, upgrade to Drupal 7.72.If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8.If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-004
Project: Drupal coreDate: 2020-June-17Security risk: Critical 17∕25 AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Arbitrary PHP code executionCVE IDs: CVE-2020-13664Description: Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances.An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could
More info:
https://www.drupal.org/sa-core-2020-005
Project: Drupal coreDate: 2020-June-17Security risk: Less critical 8∕25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassCVE IDs: CVE-2020-13665 Description: JSON:API PATCH requests may bypass validation for certain fields.By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.Solution: Install the latest
More info:
https://www.drupal.org/sa-core-2020-006
libxml2 2.7.8 vulnerability CVE-2010-4494 Security Advisory Security Advisory Description Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 ...
More info:
https://support.f5.com/csp/article/K51182024?utm_source=f5support&utm_medium=RSS
