enero 2022 – Página 4 – Javier García

15 enero, 2022

K31616043: Linux kernel vulnerability CVE-2021-28660

Linux kernel vulnerability CVE-2021-28660 Security Advisory Security Advisory Description rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 ... More info: https://support.f5.com/csp/article/K31616043?utm_source=f5support&utm_medium=RSS

15 enero, 2022

K73459626: Linux kernel vulnerability CVE-2021-3506

Linux kernel vulnerability CVE-2021-3506 Security Advisory Security Advisory Description An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux ... More info: https://support.f5.com/csp/article/K73459626?utm_source=f5support&utm_medium=RSS

15 enero, 2022

K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974

MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974 Security Advisory Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL ( ... More info: https://support.f5.com/csp/article/K10771536?utm_source=f5support&utm_medium=RSS

14 enero, 2022

Reported AWS Glue Issue

Initial Publication Date: 2022/01/13 13:00 PST A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an AWS-internal misconfiguration permitted the researchers to use these credentials as the AWS Glue service. There is no way that this could have been used to affect customers who do not use the AWS Glue service. No customer action is required. More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-002/

14 enero, 2022

Reported AWS CloudFormation Issue

Initial Publication Date: 2022/01/13 13:00 PST Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal host or attempted unauthenticated HTTP GET requests from the same host. The researchers utilized the HTTP GET capability to obtain a set of locally accessible credentials specific to the host. Neither the local More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-001/

14 enero, 2022

JSA11283 – 2022-01 Security Bulletin: Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart. (CVE-2022-

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11283&actp=RSS

14 enero, 2022

K95275140: OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620

OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620 Security Advisory Security Advisory Description Systems with microprocessors utilizing speculative execution and address ... More info: https://support.f5.com/csp/article/K95275140?utm_source=f5support&utm_medium=RSS

14 enero, 2022

K33522171: Multiple MySQL vulnerabilities

Multiple MySQL vulnerabilities Security Advisory Security Advisory Description CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that ... More info: https://support.f5.com/csp/article/K33522171?utm_source=f5support&utm_medium=RSS

13 enero, 2022

JSA11270 – 2022-01 Security Bulletin: Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in (CVE-2022-22162)

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11270&actp=RSS

13 enero, 2022

JSA11269 – 2022-01 Security Bulletin: Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic (CVE-2022-22161)

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11269&actp=RSS