Month: mayo 2023

Security Advisory Description When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. (CVE-2023-28742) Impact This vulnerability may allow an ... More info: https://my.f5.com/manage/s/article/K000132972?utm_source=f5support&utm_medium=RSS

Security Advisory Description Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility that allow an attacker to run JavaScript ... More info: https://my.f5.com/manage/s/article/K000132726?utm_source=f5support&utm_medium=RSS

Security Advisory Description When an SSL profile is configured on a virtual server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. (CVE-2023-24594) Impact More info: https://my.f5.com/manage/s/article/K000133132?utm_source=f5support&utm_medium=RSS

Security Advisory Description A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that may allow an authenticated attacker to read files with an . ... More info: https://my.f5.com/manage/s/article/K000132768?utm_source=f5support&utm_medium=RSS

Security Advisory Description In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. (CVE-2023-22372) Impact More info: https://my.f5.com/manage/s/article/K000132522?utm_source=f5support&utm_medium=RSS

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and ... More info: https://my.f5.com/manage/s/article/K000133753?utm_source=f5support&utm_medium=RSS

Security Advisory Description Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. More info: https://my.f5.com/manage/s/article/K000133752?utm_source=f5support&utm_medium=RSS

by Michael Hawkins. Insufficient sanitizing of loaders used by TinyMCE resulted in an arbitrary folder creation risk.Severity/Risk:SeriousVersions affected:4.1 to 4.1.2Versions fixed:4.1.3Reported by:Yaniv Nizry (SonarSource)CVE identifier:CVE-2023-30943Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718Tracker issue:MDL-77718 TinyMCE loaders susceptible to Arbitrary Folder Creation More info: https://moodle.org/mod/forum/discuss.php?d=446285&parent=1793613

by Michael Hawkins. A limited SQL injection risk was identified in functionality used by the Wiki activity when listing pages.Severity/Risk:MinorVersions affected:4.1 to 4.1.2, 4.0 to 4.0.7, 3.11 to 3.11.13, 3.9 to 3.9.20 and earlier unsupported versionsVersions fixed:4.1.3, 4.0.8, 3.11.14 and 3.9.21Reported by:Paul HoldenCVE identifier:CVE-2023-30944Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187Tracker issue:MDL-77187 Minor SQL More info: https://moodle.org/mod/forum/discuss.php?d=446286&parent=1793614