Linux kernel vulnerability CVE-2017-18344. Security Advisory. Description: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 ...
More info:
https://support.f5.com/csp/article/K07020416?utm_source=f5support&utm_medium=RSS
Python vulnerability CVE-2019-9636. Security Advisory. Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an ...
More info:
https://support.f5.com/csp/article/K57542514?utm_source=f5support&utm_medium=RSS
Apache HTTP server vulnerability CVE-2021-44224. Security Advisory. Description: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL ...
More info:
https://support.f5.com/csp/article/K16090693?utm_source=f5support&utm_medium=RSS
Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily present, they were not and could not be used - only a tightly controlled set of AWS support systems may assume the AWSSupportService role, and these systems do not provide the capability to access S3 objects even if
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2021-007/
This piece was authored by Stijn Vanveerdeghem. An initial zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021, and known as Log4j or Log4Shell, is actively being targeted in the wild. CVE-2021-44228 was assigned the highest “Critical” severity rating, a maximum risk score of 10. On Tuesday, December 14th, new guidance was issued along with a new CVE, CVE-2021-45046. Originally scored with a CVSS of 3.7, CVE-2021-45046 was upgraded to a CVSS score of 9.0 on December
More info:
https://blogs.vmware.com/security/2021/12/demo-mitigating-log4shell-cve-2021-44228-with-nsx.html?utm_source=rss&utm_medium=rss&utm_campaign=demo-mitigating-log4shell-cve-2021-44228-with-nsx
Apache log4j2 denial-of-service vulnerability CVE-2021-45105. Security Advisory. Description: Multiple Apache Log4j vulnerabilities have been discovered. For more information refer ...
More info:
https://support.f5.com/csp/article/K34162192?utm_source=f5support&utm_medium=RSS
Apache Storm vulnerability CVE-2021-40865. Security Advisory. Description: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor ...
More info:
https://support.f5.com/csp/article/K44104514?utm_source=f5support&utm_medium=RSS
logback vulnerability CVE-2021-42550. Security Advisory. Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations ...
More info:
https://support.f5.com/csp/article/K97521840?utm_source=f5support&utm_medium=RSS
The VMware Carbon Black Tech Zone allows you to explore our enterprise-class technical resources (demos, insights, release notes, best practices, overviews and more) that are organized and structured in easy-to-follow activity paths. Check out the latest news and insights in the What’s New in VMware Carbon Black Tech Zone December 2021 edition. Highlights include: Lightboard
More info:
https://blogs.vmware.com/security/2022/01/whats-new-in-the-vmware-carbon-black-tech-zone-december-2021.html?utm_source=rss&utm_medium=rss&utm_campaign=whats-new-in-the-vmware-carbon-black-tech-zone-december-2021
Apache Log4j2 vulnerability CVE-2021-44832. Security Advisory. Description: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are ...
More info:
https://support.f5.com/csp/article/K14122652?utm_source=f5support&utm_medium=RSS