Day: 20 enero, 2022

More info: https://www.oracle.com/security-alerts/cpujan2022.html

Project: Drupal coreDate: 2022-January-19Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross Site ScriptingDescription: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issue that may More info: https://www.drupal.org/sa-core-2022-001

Project: Drupal coreDate: 2022-January-19Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross site scriptingDescription: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life.Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-20220-001, further security vulnerabilities More info: https://www.drupal.org/sa-core-2022-002

BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026 Security Advisory Security Advisory Description An authenticated user with low privileges, such as a guest, can upload ... More info: https://support.f5.com/csp/article/K08402414?utm_source=f5support&utm_medium=RSS

BIG-IP SIP ALG vulnerability CVE-2022-23025 Security Advisory Security Advisory Description When a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic ... More info: https://support.f5.com/csp/article/K44110411?utm_source=f5support&utm_medium=RSS

BIG-IQ vulnerability CVE-2022-23009 Security Advisory Security Advisory Description An authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices ... More info: https://support.f5.com/csp/article/K47592780?utm_source=f5support&utm_medium=RSS

NGINX Controller API Management vulnerability CVE-2020-23008 Security Advisory Security Advisory Description An authenticated attacker with access to the "user" or "admin" role can use undisclosed ... More info: https://support.f5.com/csp/article/K57735782?utm_source=f5support&utm_medium=RSS

BIG-IP TMM vulnerability CVE-2022-23020 Security Advisory Security Advisory Description When the Respond on Error setting is enabled on the Request Logging profile and configured on a virtual ... More info: https://support.f5.com/csp/article/K17514331?utm_source=f5support&utm_medium=RSS

Transparent DNS Cache can consume excessive resources Security Advisory Security Advisory Description When transparent Domain Name System (DNS) cache is configured on a virtual server, undisclosed ... More info: https://support.f5.com/csp/article/K41415626?utm_source=f5support&utm_medium=RSS

Overview of F5 vulnerabilities (January 2022) Security Advisory Security Advisory Description On January 19, 2022, F5 announced the following security issues. This document is intended to serve as ... More info: https://support.f5.com/csp/article/K40084114?utm_source=f5support&utm_medium=RSS