Day: 2 junio, 2023

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000132893?utm_source=f5support&utm_medium=RSS

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000130541?utm_source=f5support&utm_medium=RSS

Security Advisory Description The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may ... More info: https://my.f5.com/manage/s/article/K00994461?utm_source=f5support&utm_medium=RSS

Security Advisory Description BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900) Impact BIG-IP AAM If an iSession ... More info: https://my.f5.com/manage/s/article/K68713584?utm_source=f5support&utm_medium=RSS

Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_ ... More info: https://my.f5.com/manage/s/article/K05295469?utm_source=f5support&utm_medium=RSS

Security Advisory Description Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest ... More info: https://my.f5.com/manage/s/article/K22322802?utm_source=f5support&utm_medium=RSS

Security Advisory Description libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Impact An attacker may be able to use crafted XML to reference ... More info: https://my.f5.com/manage/s/article/K44454157?utm_source=f5support&utm_medium=RSS

Security Advisory Description JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the ... More info: https://my.f5.com/manage/s/article/K59563964?utm_source=f5support&utm_medium=RSS

Security Advisory Description A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4. ... More info: https://my.f5.com/manage/s/article/K13401920?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the ... More info: https://my.f5.com/manage/s/article/K00322972?utm_source=f5support&utm_medium=RSS