K68013105: OpenSSL vulnerability CVE-2022-1343

Security Advisory. Description: The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non ... More info: https://support.f5.com/csp/article/K68013105?utm_source=f5support&utm_medium=RSS

K09413574: OpenSSL vulnerability CVE-2022-1434

Security Advisory. Description: The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This ... More info: https://support.f5.com/csp/article/K09413574?utm_source=f5support&utm_medium=RSS

K23435400: Intel CPU vulnerability CVE-2022-0004

Security Advisory. Description: Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in ... More info: https://support.f5.com/csp/article/K23435400?utm_source=f5support&utm_medium=RSS

K12132951: Linux kernel vulnerability CVE-2022-0812

Security Advisory. Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ... More info: https://support.f5.com/csp/article/K12132951?utm_source=f5support&utm_medium=RSS

Emotet Config Redux

This article was authored by Oleg Boyarchuk and Stefano Ortolani. Introduction: It is no mystery that Emotet’s development recently picked up. After its resurrection (some researchers pointing to TrickBot as the threat actor responsible), it bootstrapped two new botnets (Epoch 4 and Epoch 5), and it recently looked at replacing its own modules with native … Continued. The post Emotet Config Redux appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/05/emotet-config-redux.html?utm_source=rss&utm_medium=rss&utm_campaign=emotet-config-redux

K54724312: Linux kernel vulnerability CVE-2022-0492

Security Advisory. Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/ ... More info: https://support.f5.com/csp/article/K54724312?utm_source=f5support&utm_medium=RSS

Drupal core – Moderately critical – Improper input validation – SA-CORE-2022-008

Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Improper input validation
CVE IDs: CVE-2022-25273
Description: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker
More info: https://www.drupal.org/sa-core-2022-008

Drupal core – Moderately critical – Access bypass – SA-CORE-2022-009

Project: Drupal core
Date: 2022-April-20
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2022-25274
Description: Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to
More info: https://www.drupal.org/sa-core-2022-009