Blog

More info: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11236&actp=RSS

libwebp vulnerabilities CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 CVE-2018-25014 Security Advisory Security Advisory Description A flaw was found in libwebp in versions before 1.0.1. A heap- ... More info: https://support.f5.com/csp/article/K31878120?utm_source=f5support&utm_medium=RSS

Apache Tomcat vulnerability CVE-2021-42340 Security Advisory Security Advisory Description The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9. ... More info: https://support.f5.com/csp/article/K70052353?utm_source=f5support&utm_medium=RSS

This piece was written by Arjun Narang and Ashwin Manekar Workload Protection Updates and New Feature We’re excited to announce the general availability of Workload 1.1. This release includes user experience and usability feature enhancements, and a new tagging feature with NSX-T. With this new release, you’ll see our continued focus on helping customers with their security and IT modernization needs. Update – Enhanced Proxy Support Many VMware Carbon Black Workload customers More info: https://blogs.vmware.com/security/2021/10/vmware-carbon-black-workload-1-1-general-availability.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-carbon-black-workload-1-1-general-availability

Apache vulnerability CVE-2021-40438 Security Advisory Security Advisory Description A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote ... More info: https://support.f5.com/csp/article/K01552024?utm_source=f5support&utm_medium=RSS

TMUI XSS vulnerability CVE-2021-23037 Security Advisory Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration ... More info: https://support.f5.com/csp/article/K21435974?utm_source=f5support&utm_medium=RSS

Apache HTTPD vulnerability CVE-2021-36160 Security Advisory Security Advisory Description A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and ... More info: https://support.f5.com/csp/article/K13401920?utm_source=f5support&utm_medium=RSS

More info: https://www.oracle.com/security-alerts/cpuoct2021.html

Update October 17, 2021 Tianfu Cup International PWN Contest 2021 has been wrapped up with two successful attempts on our products. The Kunlun Lab team has been successful with their both attempts on VMware ESXi and VMware Workstation. We are currently investigating these issues after having received the details. We are actively working on its The post VMware and the 2021 Tianfu Cup PWN Contest appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2021/09/vmware-and-the-2021-tianfu-cup-pwn-contest.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-the-2021-tianfu-cup-pwn-contest

Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931 Security Advisory Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers (DNS) ... More info: https://support.f5.com/csp/article/K53225395?utm_source=f5support&utm_medium=RSS