Thursday, June 1, 2023
F5 Networks

K000133759 : Python vulnerability CVE-2020-26116

Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP ...
F5 Networks

K48187630 : Multiple grub2 vulnerabilities

Security Advisory Description CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads ...
F5 Networks

K000134818 : Python XML RPC vulnerability CVE-2019-16935

Security Advisory Description The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/ ...
F5 Networks

K000134793 : OpenJDK vulnerability CVE-2018-2952

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: ...
F5 Networks

K000134802 : Kubernetes vulnerability CVE-2020-10749

Security Advisory Description A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man- ...
F5 Networks

K000134782 : Intel Virtual RAID on CPU vulnerabilities CVE-2022-29919, CVE-2022-30338, CVE-2022-29508, CVE-2022-25976

Security Advisory Description CVE-2022-29919 Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege ...
F5 Networks

K000134781 : Multiple Intel Server Board BMC vulnerabilities

Security Advisory Description CVE-2023-22661 Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local ...
F5 Networks

K000134768 : Linux kernel vulnerability CVE-2022-4378

Security Advisory Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to ...
F5 Networks

K000134770 : Linux kernel vulnerability CVE-2022-42703

Security Advisory Description mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703) Impact This vulnerability allows a local ...
F5 Networks

K000134764 : Java SE vulnerabilities CVE-2018-2941 and CVE-2018-2973

Security Advisory Description CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1.
F5 Networks

K000134747 : PHP vulnerability CVE-2023-0568

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with ...
F5 Networks

K000134744 : Intel BIOS vulnerability CVE-2022-38087

Security Advisory Description Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local ...
F5 Networks

K000134748 : Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102

Security Advisory Description CVE-2019-1002100 In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can ...
F5 Networks

K000133652 : Python vulnerability CVE-2018-18074

Security Advisory Description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it ...
F5 Networks

K000133448 : Python urllib3 vulnerability CVE-2019-11324

Security Advisory Description The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, ...
F5 Networks

K000134735 : Intel BIOS vulnerability CVE-2022-33894

Security Advisory Description Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
F5 Networks

K12201527 : Overview of Quarterly Security Notifications

Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published ...
F5 Networks

K64348180 : MySQL vulnerabilities CVE-2022-21517, CVE-2022-21519, CVE-2022-21522, CVE-2022-21525, and CVE-2022-21526

Security Advisory Description CVE-2022-21517 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily ...
F5 Networks

K25225860 : Linux kernel vulnerabilities CVE-2019-6454, CVE-2020-12888, and CVE-2020-36385

Security Advisory Description CVE-2019-6454 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for ...
F5 Networks

K000134602 : Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920

Security Advisory Description CVE-2023-23918 A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental ...
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter

A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Millions of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs

Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...