Security Advisory Description: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that ...
More info:
https://my.f5.com/manage/s/article/K000133761?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and ...
More info:
https://my.f5.com/manage/s/article/K000132425?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and ...
More info:
https://my.f5.com/manage/s/article/K000130509?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2021-39295: In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface. CVE-2021-39296
More info:
https://my.f5.com/manage/s/article/K000133512?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2022-4203: A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after ...
More info:
https://my.f5.com/manage/s/article/K000132537?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. (CVE-2020-6950) Impact: There is ...
More info:
https://my.f5.com/manage/s/article/K000134517?utm_source=f5support&utm_medium=RSS
Security Advisory Description: jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to ...
More info:
https://my.f5.com/manage/s/article/K000134507?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. (CVE-2022-45685) Impact: System performance ...
More info:
https://my.f5.com/manage/s/article/K000134496?utm_source=f5support&utm_medium=RSS
Security Advisory Description: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP ...
More info:
https://my.f5.com/manage/s/article/K000133759?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a ...
More info:
https://my.f5.com/manage/s/article/K000134500?utm_source=f5support&utm_medium=RSS