Initial Publication Date: 2022/01/13 13:00 PST A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an AWS-internal misconfiguration permitted the researchers to use these credentials as the AWS Glue service. There is no way that this could have been used to affect customers who do not use the AWS Glue service. No customer action is required.
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2022-002/
Initial Publication Date: 2022/01/13 13:00 PST Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal host or attempted unauthenticated HTTP GET requests from the same host. The researchers utilized the HTTP GET capability to obtain a set of locally accessible credentials specific to the host. Neither the local
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2022-001/
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11283&actp=RSS
OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620 Security Advisory Security Advisory Description Systems with microprocessors utilizing speculative execution and address ...
More info:
https://support.f5.com/csp/article/K95275140?utm_source=f5support&utm_medium=RSS
Multiple MySQL vulnerabilities Security Advisory Security Advisory Description CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that ...
More info:
https://support.f5.com/csp/article/K33522171?utm_source=f5support&utm_medium=RSS
