Month: febrero 2022

Project: Drupal coreDate: 2022-February-16Security risk: Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper input validationDescription: Drupal cores form API has a vulnerability where certain contributed or custom modules forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical More info: https://www.drupal.org/sa-core-2022-003

Project: Drupal coreDate: 2022-February-16Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information disclosureDescription: The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.Sites are only affected if the QuickEdit module (which comes with the Standard More info: https://www.drupal.org/sa-core-2022-004

Project: Drupal coreDate: 2022-February-16Security risk: Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper input validationDescription: Drupal cores form API has a vulnerability where certain contributed or custom modules forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical More info: https://www.drupal.org/sa-core-2022-003

Project: Drupal coreDate: 2022-February-16Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information disclosureDescription: The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access.Sites are only affected if the QuickEdit module (which comes with the Standard More info: https://www.drupal.org/sa-core-2022-004

Multiple BIOS / EFI vulnerabilities Security Advisory Security Advisory Description CVE-2020-5953 A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware ... More info: https://support.f5.com/csp/article/K45810018?utm_source=f5support&utm_medium=RSS

Multiple Insyde BIOS/EFI vulnerabilities Security Advisory Security Advisory Description CVE-2020-5953 A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI ... More info: https://support.f5.com/csp/article/K45810018?utm_source=f5support&utm_medium=RSS

libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 Security Advisory Security Advisory Description CVE-2015-8035 The xz_decomp function ... More info: https://support.f5.com/csp/article/K76678525?utm_source=f5support&utm_medium=RSS

ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804 Security Advisory More info: https://support.f5.com/csp/article/K45139744?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2017-7261 Security Advisory Security Advisory Description The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel ... More info: https://support.f5.com/csp/article/K63771715?utm_source=f5support&utm_medium=RSS

NGINX Plus and Open Source vulnerability CVE-2021-23017 Security Advisory Security Advisory Description An issue in NGINX resolver may allow an attacker who is able to forge UDP packets from the ... More info: https://support.f5.com/csp/article/K12331123?utm_source=f5support&utm_medium=RSS