OPENSSL_LH_flush() function vulnerability CVE-2022-1473 (Security Advisory). Description: The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks ...
More info:
https://support.f5.com/csp/article/K00053434?utm_source=f5support&utm_medium=RSS
OpenSSL vulnerability CVE-2022-1343 (Security Advisory). Description: The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non ...
More info:
https://support.f5.com/csp/article/K68013105?utm_source=f5support&utm_medium=RSS
OpenSSL vulnerability CVE-2022-1434 (Security Advisory). Description: The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This ...
More info:
https://support.f5.com/csp/article/K09413574?utm_source=f5support&utm_medium=RSS
Multiple Java vulnerabilities CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476 and CVE-2022-21496 (Security Advisory). Description: CVE- ...
More info:
https://support.f5.com/csp/article/K32172755?utm_source=f5support&utm_medium=RSS
Intel CPU vulnerability CVE-2022-0004 (Security Advisory). Description: Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in ...
More info:
https://support.f5.com/csp/article/K23435400?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerability CVE-2022-0812 (Security Advisory). Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
More info:
https://support.f5.com/csp/article/K12132951?utm_source=f5support&utm_medium=RSS
This article was authored by Oleg Boyarchuk and Stefano Ortolani. Introduction: It is no mystery that Emotet’s development recently picked up. After its resurrection (some researchers pointing to TrickBot as the threat actor responsible), it bootstrapped two new botnets (Epoch 4 and Epoch 5), and it recently looked at replacing its own modules with native … The post "Emotet Config Redux" appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/05/emotet-config-redux.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-config-redux
Linux kernel vulnerability CVE-2022-0492 (Security Advisory). Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/ ...
More info:
https://support.f5.com/csp/article/K54724312?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Improper input validation
CVE IDs: CVE-2022-25273
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker
More info:
https://www.drupal.org/sa-core-2022-008
Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2022-25274
Description: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to
More info:
https://www.drupal.org/sa-core-2022-009