Lucene search
K

619 matches found

OSV
OSV
added 2019/04/10 8:29 p.m.7 views

CVE-2019-0041

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface lo0. The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This...

8.6CVSS5.8AI score0.00871EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/04/10 8:13 p.m.23 views

CVE-2019-0041 Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface.

On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface lo0. The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This...

6.5CVSS8.6AI score0.00871EPSS
Exploits0References1
CVE
CVE
added 2019/04/10 8:13 p.m.57 views

CVE-2019-0041

CVE-2019-0041 affects Juniper Networks Junos OS on the EX4300-MP Series. With any lo0 filters applied, transit network traffic could reach the control plane via the loopback interface (lo0) and the device may fail to forward such traffic. Affected software: Junos OS 18.2 prior to 18.2R1-S2 and 18...

8.6CVSS7.5AI score0.00871EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/01/29 4:29 p.m.16 views

Input validation

IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811...

5CVSS5.1AI score0.01654EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/01/29 4:29 p.m.5 views

CVE-2018-1733

IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811...

5.3CVSS5.8AI score0.01654EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/29 4:0 p.m.16 views

CVE-2018-1733

IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811...

5.3CVSS5.1AI score0.01654EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.22 views

F5 Networks BIG-IP : BIG-IP SOCKS proxy vulnerability (K55225440)

Responses to SOCKS proxy requests made through the BIG-IP system may cause a disruption of service provided by theTraffic Management Microkernel TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a virtual server. The control plane is not impacted by this...

7.5CVSS7.3AI score0.01321EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.28 views

F5 Networks BIG-IP : TMM with HTTP/2 vulnerability (K45320419)

Maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. CVE-2018-5514 Impact The BIG-IP system may temporarily fail to process traffic as it...

7.5CVSS7.3AI score0.03965EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.290 views

F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003)

The following three side-channel attacks were publicly disclosed on January 3, 2018 : CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosu...

5.6CVSS7.7AI score0.93838EPSS
Exploits13References4
Arista
Arista
added 2018/08/06 12:0 a.m.102 views

Security Advisory 0036

Security Advisory 0036 . CSAF PDF Date: August 6th, 2018 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | August 6, 2018 | Initial Release Vulnerability assessment of CVE-2018-5390 for Arista Products CVSS v2: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C On August 6th, 2018, information was released...

7.8CVSS6.6AI score0.7354EPSS
Exploits0Affected Software1
Akamai Blog
Akamai Blog
added 2018/06/12 1:0 p.m.57 views

Remote access in a software defined world

When I first ventured into technology, I wish someone gave me a heads-up about the bevy of acronyms to remember. It feels like every day a new acronym related to technology is formed. It's hard enough remembering names within my family. During Thanksgiving with a full house, I struggle to remembe...

7.3AI score
Exploits0
OSV
OSV
added 2018/06/01 2:29 p.m.3 views

CVE-2018-5513

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impact...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2018/05/02 1:29 p.m.5 views

CVE-2018-5517

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs...

7.5CVSS5.8AI score0.01776EPSS
Exploits0References2
OSV
OSV
added 2018/04/13 1:29 p.m.5 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

7.5CVSS5.8AI score0.01321EPSS
Exploits0References1
OSV
OSV
added 2018/03/22 6:29 p.m.6 views

CVE-2018-5502

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client...

7.5CVSS5.8AI score0.014EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/28 12:0 a.m.20 views

Arista Networks EOS Control Plane Packet Handling DoS (SA0025)

The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability due to an unspecified flaw when handling certain packets sent to the control plane. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the...

7.8CVSS7.4AI score0.01702EPSS
Exploits0References2
Prion
Prion
added 2018/01/10 10:29 p.m.22 views

Design/Logic Flaw

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and...

7.1CVSS6.4AI score0.01246EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.84 views

F5 Networks BIG-IP : Expat vulnerability (K52320548)

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user...

9.8CVSS8.3AI score0.13802EPSS
Exploits3References2
Kitploit
Kitploit
added 2017/09/02 9:23 p.m.15 views

sdnpwn - An SDN Penetration Testing Toolkit

The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/08/09 2:47 p.m.17 views

Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities

An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...

7.7AI score
Exploits0References6
Rows per page
Query Builder