Month: abril 2022

Qt vulnerabilities CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, and CVE-2018-19873 Security Advisory Security Advisory Description CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A ... More info: https://support.f5.com/csp/article/K08037765?utm_source=f5support&utm_medium=RSS

Multiple Ruby vulnerabilities Security Advisory Security Advisory Description CVE-2018-1000073 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 ... More info: https://support.f5.com/csp/article/K84262603?utm_source=f5support&utm_medium=RSS

389-ds-base vulnerability CVE-2021-4091 Security Advisory Security Advisory Description A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An ... More info: https://support.f5.com/csp/article/K15244523?utm_source=f5support&utm_medium=RSS

Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Improper input validationDescription: Drupal cores form API has a vulnerability where certain contributed or custom modules forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or More info: https://www.drupal.org/sa-core-2022-008

Project: Drupal coreDate: 2022-April-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and More info: https://www.drupal.org/sa-core-2022-009

BIG-IP LTM HTTP/2 desync attacks: request line injection Security Advisory Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following ... More info: https://support.f5.com/csp/article/K63312282?utm_source=f5support&utm_medium=RSS

The BIG-IP ASM system may not properly perform attack signature checks Security Advisory Security Advisory Description The BIG-IP ASM system may not properly perform attack signature checks on ... More info: https://support.f5.com/csp/article/K05391775?utm_source=f5support&utm_medium=RSS

Bash vulnerability CVE-2012-6711 Security Advisory Security Advisory Description A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current ... More info: https://support.f5.com/csp/article/K05122252?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerabilities CVE-2021-3564, CVE-2021-3573, and CVE-2021-3752 Security Advisory Security Advisory Description CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel ... More info: https://support.f5.com/csp/article/K25511825?utm_source=f5support&utm_medium=RSS

Python vulnerabilities CVE-2019-9636 and CVE-2019-10160 Security Advisory Security Advisory Description Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of ... More info: https://support.f5.com/csp/article/K57542514?utm_source=f5support&utm_medium=RSS