Security Advisory Description: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)
More info:
https://my.f5.com/manage/s/article/K000130512?utm_source=f5support&utm_medium=RSS
Security Advisory Description: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: ...
More info:
https://my.f5.com/manage/s/article/K28622040?utm_source=f5support&utm_medium=RSS
Security Advisory Description: The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage ...
More info:
https://my.f5.com/manage/s/article/K63597327?utm_source=f5support&utm_medium=RSS
Security Advisory Description: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the ...
More info:
https://my.f5.com/manage/s/article/K000132635?utm_source=f5support&utm_medium=RSS
Security Advisory Description: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is ...
More info:
https://my.f5.com/manage/s/article/K31323265?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows ...
More info:
https://my.f5.com/manage/s/article/K54724312?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)
More info:
https://my.f5.com/manage/s/article/K04712583?utm_source=f5support&utm_medium=RSS
Security Advisory Description: nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation ...
More info:
https://my.f5.com/manage/s/article/K49902412?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached ...
More info:
https://my.f5.com/manage/s/article/K63525027?utm_source=f5support&utm_medium=RSS
Security Advisory Description: NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures.
More info:
https://my.f5.com/manage/s/article/K54450124?utm_source=f5support&utm_medium=RSS