Drupal core – Moderately critical – Cross Site Request Forgery – SA-CORE-2021-006

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13673
Description: The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user
More info: https://www.drupal.org/sa-core-2021-006

Drupal core – Moderately critical – Cross Site Request Forgery – SA-CORE-2021-007

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 14∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Request Forgery
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13674
Description: The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module
More info: https://www.drupal.org/sa-core-2021-007

Drupal core – Moderately critical – Access bypass – SA-CORE-2021-008

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 11∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13675
Description: Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the
More info: https://www.drupal.org/sa-core-2021-008

Drupal core – Moderately critical – Access bypass – SA-CORE-2021-009

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13676
Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is
More info: https://www.drupal.org/sa-core-2021-009

Drupal core – Moderately critical – Access Bypass – SA-CORE-2021-010

Project: Drupal core
Date: 2021-September-15
Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access Bypass
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
CVE IDs: CVE-2020-13677
Description: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. This advisory is
More info: https://www.drupal.org/sa-core-2021-010

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-011

Project: Drupal core
Date: 2021-November-17
Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Affected versions: >= 8.0.0 = 9.1.0 =9.2.0
Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for
More info: https://www.drupal.org/sa-core-2021-011

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2022-001

Project: Drupal core
Date: 2022-January-19
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting
Affected versions: >=7.0 = 8.0.0 = 9.3.0
Description: jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they
More info: https://www.drupal.org/sa-core-2022-001

K52401347: Linux kernel vulnerability CVE-2021-28972

Security Advisory
Description: In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has ...
More info: https://support.f5.com/csp/article/K52401347?utm_source=f5support&utm_medium=RSS

K92451315: OpenSSL vulnerability CVE-2020-1968

Security Advisory
Description: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute ...
More info: https://support.f5.com/csp/article/K92451315?utm_source=f5support&utm_medium=RSS