Security Advisory Description: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the ...
More info:
https://my.f5.com/manage/s/article/K59563964?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4. ...
More info:
https://my.f5.com/manage/s/article/K13401920?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x where the ...
More info:
https://my.f5.com/manage/s/article/K00322972?utm_source=f5support&utm_medium=RSS
Security Advisory Description: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/ ...
More info:
https://my.f5.com/manage/s/article/K000134818?utm_source=f5support&utm_medium=RSS
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-write-SHVcmQVc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Threat%20Defense%20Software%20CLI%20Arbitrary%20File%20Write%20Vulnerability&vs_k=1
Security Advisory Description: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man- ...
More info:
https://my.f5.com/manage/s/article/K000134802?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: ...
More info:
https://my.f5.com/manage/s/article/K000134793?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2023-22661: Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local ...
More info:
https://my.f5.com/manage/s/article/K000134781?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2022-29919: Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege ...
More info:
https://my.f5.com/manage/s/article/K000134782?utm_source=f5support&utm_medium=RSS
Security Advisory Description: mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703) Impact: This vulnerability allows a local ...
More info:
https://my.f5.com/manage/s/article/K000134770?utm_source=f5support&utm_medium=RSS