Python Pillow vulnerabilities CVE-2020-5312 and CVE-2020-5313 (Security Advisory). Description: CVE-2020-5312 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...
More info:
https://support.f5.com/csp/article/K16213320?utm_source=f5support&utm_medium=RSS
Resource Administrator or Administrator role authenticated local command execution vulnerability CVE-2021-23012 (Security Advisory). Description: Lack of input validation for items ...
More info:
https://support.f5.com/csp/article/K04234247?utm_source=f5support&utm_medium=RSS
TMM vulnerability CVE-2021-23011 (Security Advisory). Description: When the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may ...
More info:
https://support.f5.com/csp/article/K10751325?utm_source=f5support&utm_medium=RSS
BIG-IP Advanced WAF and ASM Brute Force Protection feature may not properly support the Post-Redirect-Get application flow (Security Advisory). Description: The Advanced WAF and BIG- ...
More info:
https://support.f5.com/csp/article/K91414704?utm_source=f5support&utm_medium=RSS
BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014 (Security Advisory). Description: BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a ...
More info:
https://support.f5.com/csp/article/K23203045?utm_source=f5support&utm_medium=RSS
BIG-IP APM AD authentication vulnerability CVE-2021-23008 (Security Advisory). Description: BIG-IP APM AD (Active Directory) authentication can be bypassed using a spoofed AS-REP ( ...
More info:
https://support.f5.com/csp/article/K51213246?utm_source=f5support&utm_medium=RSS
BIG-IP ASM and Advanced WAF WebSocket vulnerability CVE-2021-23010 (Security Advisory). Description: When the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON ...
More info:
https://support.f5.com/csp/article/K18570111?utm_source=f5support&utm_medium=RSS
Project: Drupal core. Date: 2021-April-21. Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default. Vulnerability: Cross-site scripting. CVE IDs: CVE-2020-13672. Description: Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this
More info:
https://www.drupal.org/sa-core-2021-002
Initial Publication Date: 2021/04/26 10:20 AM PDT. On April 13th, 2021, AWS became aware of an edge case that affected how some Application Load Balancers (ALB) handled key rotation for TLS/SSL session ticket encryption. This edge case was introduced in September, 2020 and resulted in a small percentage of ALB traffic intermittently using an uninitialized session ticket encryption key. The edge case was triggered primarily during quiet periods of activity. ALBs with a high variation of traffic,
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2021-002/
Individuals’ security and privacy on the internet are fundamental. Living up to that principle we are announcing the following changes to Mozilla’s Root Store Policy (MRSP) which will come into … The post "Upgrading Mozilla’s Root Store Policy to Version 2.7.1" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2021/04/26/mrsp-v-2-7-1/