Security Advisory Description A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system in the way it accesses a directory with broken indexing. This flaw allows a ...
More info:
https://my.f5.com/manage/s/article/K67830124?utm_source=f5support&utm_medium=RSS
Security Advisory Description Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input ...
More info:
https://my.f5.com/manage/s/article/K40582331?utm_source=f5support&utm_medium=RSS
Security Advisory Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt( ...
More info:
https://my.f5.com/manage/s/article/K000135178?utm_source=f5support&utm_medium=RSS
Security Advisory Description Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, ...
More info:
https://my.f5.com/manage/s/article/K000135156?utm_source=f5support&utm_medium=RSS
Security Advisory Description Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable ...
More info:
https://my.f5.com/manage/s/article/K000134942?utm_source=f5support&utm_medium=RSS
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are ...
More info:
https://my.f5.com/manage/s/article/K000135149?utm_source=f5support&utm_medium=RSS
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Email%20Gateway,%20Cisco%20Secure%20Email%20and%20Web%20Manager,%20and%20Cisco%20Secure%20Web%20Appliance%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Duo%20Two-Factor%20Authentication%20for%20macOS%20Authentication%20Bypass%20Vulnerability&vs_k=1
by Michael Hawkins. Authenticated users were able to enumerate other users' names via the learning plans page.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1 and 4.0 to 4.0.6
Versions fixed: 4.1.2 and 4.0.7
Reported by: Paul Holden
CVE identifier: CVE-2023-28334
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77129
Tracker issue: MDL-77129 Users name enumeration possible via IDOR on learning plans page
More info:
https://moodle.org/mod/forum/discuss.php?d=445066&parent=1788899
by Michael Hawkins. The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1
Versions fixed: 4.1.2
Reported by: DegrangeM
CVE identifier: CVE-2023-28335
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77008
Tracker issue: MDL-77008 CSRF risk in resetting all templates of a database activity
More info:
https://moodle.org/mod/forum/discuss.php?d=445067&parent=1788900