Apache Log4j SQL injection vulnerability CVE-2022-23305 (Security Advisory)
Description: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration ...
More info:
https://support.f5.com/csp/article/K97120268?utm_source=f5support&utm_medium=RSS
Apache Log4j Remote Code Execution vulnerability CVE-2022-23302 (Security Advisory)
Description: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted ...
More info:
https://support.f5.com/csp/article/K59563964?utm_source=f5support&utm_medium=RSS
Apache Chainsaw Log4j vulnerability CVE-2022-23307 (Security Advisory)
Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to ...
More info:
https://support.f5.com/csp/article/K00322972?utm_source=f5support&utm_medium=RSS
CVE-2021-4034, polkit, and VMware (VMware Security Blog)
A new vulnerability in an open-source software component, polkit, emerged this week, to a lot of publicity (in which it has been named “PwnKit”). This vulnerability is present in Linux distributions going back more than a decade, so the scope is broad. With Log4j issues still fresh in our minds there have been questions about ...
More info:
https://blogs.vmware.com/security/2022/01/cve-2021-4034-polkit-pwnkit-vmware-products.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-4034-polkit-pwnkit-vmware-products
Polkit pkexec vulnerability CVE-2021-4034 (Security Advisory)
Description: A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is ...
More info:
https://support.f5.com/csp/article/K46015513?utm_source=f5support&utm_medium=RSS
NSS vulnerability CVE-2021-43527 (Security Advisory)
Description: NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when ...
More info:
https://support.f5.com/csp/article/K54450124?utm_source=f5support&utm_medium=RSS
BlackSun Ransomware – The Dark Side of PowerShell (VMware Security Blog)
This article was authored by Pavankumar Chaudhari (TAU).
Summary: Recently, the VMware Threat Analysis Unit analyzed BlackSun ransomware, a PowerShell-based ransomware. Unlike most other PowerShell-based ransomware it doesn’t download a payload or reflectively load a DLL or EXE into memory. Looking at the simplicity of the code it is unclear if it is used for limited ...
More info:
https://blogs.vmware.com/security/2022/01/blacksun-ransomware-the-dark-side-of-powershell.html?utm_source=rss&utm_medium=rss&utm_campaign=blacksun-ransomware-the-dark-side-of-powershell
by Michael Hawkins. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
Severity/Risk: Serious
Versions affected: 3.11 to 3.11.4
Versions fixed: 3.11.5
Reported by: Paul Holden
CVE identifier: CVE-2022-0332
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72573
Tracker issue: MDL-72573 SQL injection risk in code fetching h5p activity user attempts
More info:
https://moodle.org/mod/forum/discuss.php?d=431099&parent=1734813
by Michael Hawkins. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions
Versions fixed: 3.11.5, 3.10.9 and 3.9.12
Reported by: oct0pus7
CVE identifier: CVE-2022-0333
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71239
Tracker ...
More info:
https://moodle.org/mod/forum/discuss.php?d=431100&parent=1734814
by Michael Hawkins. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions
Versions fixed: 3.11.5, 3.10.9 and 3.9.12
Reported by: Deds Castillo
CVE identifier: CVE-2022-0334
Changes ...
More info:
https://moodle.org/mod/forum/discuss.php?d=431102&parent=1734816