Lucene search
K

612 matches found

Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.290 views

F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003)

The following three side-channel attacks were publicly disclosed on January 3, 2018 : CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosu...

5.6CVSS7.7AI score0.93838EPSS
Exploits13References4
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.28 views

F5 Networks BIG-IP : TMM with HTTP/2 vulnerability (K45320419)

Maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. CVE-2018-5514 Impact The BIG-IP system may temporarily fail to process traffic as it...

7.5CVSS7.3AI score0.04016EPSS
Exploits0References2
Arista
Arista
added 2018/08/06 12:0 a.m.102 views

Security Advisory 0036

Security Advisory 0036 . CSAF PDF Date: August 6th, 2018 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | August 6, 2018 | Initial Release Vulnerability assessment of CVE-2018-5390 for Arista Products CVSS v2: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C On August 6th, 2018, information was released...

7.8CVSS6.6AI score0.7354EPSS
Exploits0Affected Software1
Akamai Blog
Akamai Blog
added 2018/06/12 1:0 p.m.57 views

Remote access in a software defined world

When I first ventured into technology, I wish someone gave me a heads-up about the bevy of acronyms to remember. It feels like every day a new acronym related to technology is formed. It's hard enough remembering names within my family. During Thanksgiving with a full house, I struggle to remembe...

7.3AI score
Exploits0
OSV
OSV
added 2018/06/01 2:29 p.m.3 views

CVE-2018-5513

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impact...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2018/05/02 1:29 p.m.5 views

CVE-2018-5517

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs...

7.5CVSS5.8AI score0.01799EPSS
Exploits0References2
OSV
OSV
added 2018/04/13 1:29 p.m.5 views

CVE-2017-6148

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane i...

7.5CVSS5.8AI score0.01321EPSS
Exploits0References1
OSV
OSV
added 2018/03/22 6:29 p.m.3 views

CVE-2018-5502

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client...

7.5CVSS5.8AI score0.014EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/02/28 12:0 a.m.20 views

Arista Networks EOS Control Plane Packet Handling DoS (SA0025)

The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability due to an unspecified flaw when handling certain packets sent to the control plane. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the...

7.8CVSS7.4AI score0.01702EPSS
Exploits0References2
Prion
Prion
added 2018/01/10 10:29 p.m.22 views

Design/Logic Flaw

A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and...

7.1CVSS6.4AI score0.01246EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.84 views

F5 Networks BIG-IP : Expat vulnerability (K52320548)

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user...

9.8CVSS8.3AI score0.13335EPSS
Exploits3References2
Kitploit
Kitploit
added 2017/09/02 9:23 p.m.15 views

sdnpwn - An SDN Penetration Testing Toolkit

The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/08/09 2:47 p.m.17 views

Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities

An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...

7.7AI score
Exploits0References6
OSV
OSV
added 2017/08/07 6:29 a.m.4 views

CVE-2017-6665

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane ACP of an affected system and view ACP packets that are transferred in clear text within an affected system, a...

6.5CVSS5.8AI score0.0043EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/07/26 12:0 a.m.3 views

PT-2017-2629 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software versions Denali-16.2.1 through Denali-16.3.1 Description: A vulnerability in the Autonomic Networking feature could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affect...

6.5CVSS7.1AI score0.02135EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2017/07/26 12:0 a.m.4 views

PT-2017-17227 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software versions Denali-16.2.1 through Denali-16.3.1 Description: A vulnerability in the Autonomic Networking feature could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane...

6.5CVSS6.5AI score0.0043EPSS
Exploits0References5
Prion
Prion
added 2017/05/10 2:29 p.m.31 views

Design/Logic Flaw

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism...

5CVSS7.2AI score0.00902EPSS
Exploits0References1Affected Software14
OSV
OSV
added 2017/05/10 2:29 p.m.4 views

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism...

7.5CVSS5.8AI score0.00902EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/10 2:0 p.m.28 views

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism...

7.6AI score0.00902EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/19 12:0 a.m.67 views

F5 Networks BIG-IP : Linux kernel vulnerability (K60104355)

The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options. CVE-2017-5970 Impact This vulnerability ma...

7.5CVSS7.5AI score0.03915EPSS
Exploits0References2
Rows per page
Query Builder