Drupal core – Moderately critical – Improper input validation – SA-CORE-2022-008

Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper input validationDescription: Drupal cores form API has a vulnerability where certain contributed or custom modules forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or More info: https://www.drupal.org/sa-core-2022-008

Drupal core – Moderately critical – Access bypass – SA-CORE-2022-009

Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and More info: https://www.drupal.org/sa-core-2022-009

K05122252: Bash vulnerability CVE-2012-6711

Bash vulnerability CVE-2012-6711 Security Advisory Security Advisory Description A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current ... More info: https://support.f5.com/csp/article/K05122252?utm_source=f5support&utm_medium=RSS

Reported Apache Log4j Hotpatch Issues

Initial Publication Date: 2022/04/19 14:30 PST CVE IDs: CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071 On December 12, 2021, Amazon publicly released a hotpatch for running Java VMs which disables the loading of the Java Naming and Directory Interface (JNDI) class. This hotpatch provides an immediate mitigation for critical issues within the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) while allowing system administrators sufficient time to More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Translate »