Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Improper input validation
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or
More info:
https://www.drupal.org/sa-core-2022-008
Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
Description: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and
More info:
https://www.drupal.org/sa-core-2022-009
BIG-IP LTM HTTP/2 desync attacks: request line injection
Security Advisory
Description: Multiple desync attacks have been discovered. For more information refer to the following ...
More info:
https://support.f5.com/csp/article/K63312282?utm_source=f5support&utm_medium=RSS
The BIG-IP ASM system may not properly perform attack signature checks
Security Advisory
Description: The BIG-IP ASM system may not properly perform attack signature checks on ...
More info:
https://support.f5.com/csp/article/K05391775?utm_source=f5support&utm_medium=RSS
Bash vulnerability CVE-2012-6711
Security Advisory
Description: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current ...
More info:
https://support.f5.com/csp/article/K05122252?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerabilities CVE-2021-3564, CVE-2021-3573, and CVE-2021-3752
Security Advisory
Description: CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel ...
More info:
https://support.f5.com/csp/article/K25511825?utm_source=f5support&utm_medium=RSS
Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
Security Advisory
Description: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of ...
More info:
https://support.f5.com/csp/article/K57542514?utm_source=f5support&utm_medium=RSS
Initial Publication Date: 2022/04/19 14:30 PST
CVE IDs: CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071
On December 12, 2021, Amazon publicly released a hotpatch for running Java VMs which disables the loading of the Java Naming and Directory Interface (JNDI) class. This hotpatch provides an immediate mitigation for critical issues within the open-source Apache "Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) while allowing system administrators sufficient time to
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Linux vulnerabilities CVE-2022-0330 and CVE-2022-22942
Security Advisory
Description: CVE-2022-0330 A random memory access flaw was found in the Linux kernel's GPU i915 kernel ...
More info:
https://support.f5.com/csp/article/K30914425?utm_source=f5support&utm_medium=RSS
More info:
https://www.oracle.com/security-alerts/cpuapr2022.html