Security Advisory Description: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ...
More info:
https://my.f5.com/manage/s/article/K000133547?utm_source=f5support&utm_medium=RSS
Security Advisory Description: The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some ...
More info:
https://my.f5.com/manage/s/article/K000133390?utm_source=f5support&utm_medium=RSS
More info:
https://www.oracle.com/security-alerts/cpuapr2023.html
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=SNMP%20Remote%20Code%20Execution%20Vulnerabilities%20in%20Cisco%20IOS%20and%20IOS%20XE%20Software&vs_k=1
Security Advisory Description: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole ...
More info:
https://my.f5.com/manage/s/article/K000133522?utm_source=f5support&utm_medium=RSS
Security Advisory Description: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. (CVE-2023- ...
More info:
https://my.f5.com/manage/s/article/K000133517?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the ...
More info:
https://my.f5.com/manage/s/article/K000133511?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2021-39295 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the ...
More info:
https://my.f5.com/manage/s/article/K000133512?utm_source=f5support&utm_medium=RSS
Security Advisory Description: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is ...
More info:
https://my.f5.com/manage/s/article/K11315080?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and ...
More info:
https://my.f5.com/manage/s/article/K01552024?utm_source=f5support&utm_medium=RSS