Extending the Zero Trust Architecture Concept to APIs

Application programming interfaces (APIs) are critical to modern applications. APIs are used to communicate information between users and applications, between the different components of a composite application, and to communicate with a rapidly increasing variety of devices. Initially, they mainly existed in the background, hidden from end-users and bad actors. However, as microservices, containers, and cloud-based services …
More info: https://blogs.vmware.com/security/2022/08/extending-the-zero-trust-architecture-concept-to-apis.html?utm_source=rss&utm_medium=rss&utm_campaign=extending-the-zero-trust-architecture-concept-to-apis

K80970653: BIG-IP iRules vulnerability CVE-2022-33962

Security Advisory Description: The node iRules command may allow an attacker to bypass the access control restrictions for a self IP ...
More info: https://support.f5.com/csp/article/K80970653?utm_source=f5support&utm_medium=RSS

Drupal core – Moderately critical – Cross Site Request Forgery – SA-CORE-2021-006

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10/25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13673
Description: The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user
More info: https://www.drupal.org/sa-core-2021-006

Drupal core – Moderately critical – Cross Site Request Forgery – SA-CORE-2021-007

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 14/25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13674
Description: The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module
More info: https://www.drupal.org/sa-core-2021-007

Drupal core – Moderately critical – Access bypass – SA-CORE-2021-008

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 11/25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13675
Description: Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the
More info: https://www.drupal.org/sa-core-2021-008

Drupal core – Moderately critical – Access bypass – SA-CORE-2021-009

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10/25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13676
Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is
More info: https://www.drupal.org/sa-core-2021-009

Drupal core – Moderately critical – Access Bypass – SA-CORE-2021-010

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 12/25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access Bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13677
Description: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. This advisory is
More info: https://www.drupal.org/sa-core-2021-010

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-011

Project: Drupal core
Date: 2021-November-17
Security risk: Moderately critical 13/25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for
More info: https://www.drupal.org/sa-core-2021-011

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2022-001

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14/25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting
Affected versions: >=7.0 = 8.0.0 = 9.3.0
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they
More info: https://www.drupal.org/sa-core-2022-001