170 matches found
CVE-2022-23030
CVE-2022-23030 affects BIG-IP VE when using the ixlv driver in SR-IOV mode with Intel X710/XL710/XXV710 adapters and TCP Segmentation Offload enabled. Undisclosed requests may cause increased CPU utilization, degrading performance and potentially leading to DoS. Exploitation details are not provi...
CVE-2022-23026
CVE-2022-23026 affects F5 BIG-IP ASM and Advanced WAF (REST API endpoint). An authenticated user with low privileges (e.g., guest) can upload data via an undisclosed REST endpoint, causing increased disk resource utilization. This is a control-plane issue with no data-plane exposure. According to...
CVE-2022-23015
CVE-2022-23015 affects BIG-IP: memory resource utilization increased when a Client SSL profile on a virtual server uses Client Certificate Authentication (request/require) with Session Ticket enabled. Affected: BIG-IP 16.x before 16.1.0; 15.1.x before 15.1.4.1; 14.1.2.6–14.1.4.4. Remediation/miti...
F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF REST API endpoint vulnerability (K08402414)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08402414 advisory. - On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1,...
F5 Networks BIG-IP : BIG-IP VE vulnerability (K53442005)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K53442005 advisory. - On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and...
F5 Networks BIG-IP : BIG-IP FastL4 profile vulnerability (K50343028)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K50343028 advisory. - On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all...
F5 Networks BIG-IP : BIG-IP MRF Diameter vulnerability (K82793463)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K82793463 advisory. - On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and al...
F5 Networks BIG-IP : iControl REST vulnerability (K11742742)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K11742742 advisory. Undisclosed requests by an authenticated iControl REST user can cause an increase in...
What is IAM (Identity and Access Management) ❓
Would you like to leave your locker open, with valuables inside, while you’re leaving town or going to sleep? Of course not, as doing so is a foolish act and is like sending invitations to the buglers. Similarly, one shouldn’t leave its database and information center open for all. This will lead...
CVE-2021-23042
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versio...
Code injection
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versio...
CVE-2021-23042
CVE-2021-23042 affects BIG-IP when an HTTP profile is configured on a virtual server, causing undisclosed requests to significantly increase system resource utilization. Affected versions are BIG-IP 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1...
F5 Networks BIG-IP : BIG-IP HTTP vulnerability (K93231374)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.6 / 13.1.4 / 14.1.4 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K93231374 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...
How to monitor xenserver resource utilization on Citrix ADC
How to monitor xenserver resource utilization on Citrix ADC...
GitLab Denial of Service Vulnerability (CNVD-2021-25684)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab has a security vulnerability in versions after...
CVE-2021-22177
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command...
CVE-2021-22177
Removed by vendor...
How the Edge Improves Microservices
Microservice architecture has transformed the way we develop and operate our applications. Microservices aren't a technology or a programming language. Instead, they create a structure for designing and building applications based on the idea that the individual functions of a website should...
Managing Thousands of users in Hundreds of branches with a few clicks
We live in a global business world. Almost on a daily basis, we see organizations expanding rapidly across geographies. While businesses in every industry can have international sites, some verticals like banking, finance, education, and retail are more apt to have corporate offices in multiple...
Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS
The Anti-Malware and Brute-Force Security by ELI has two issues which we will cover in this report. The first is that no nonce CSRF token is utilized on the settings screen. This could potentially result in resource utilization by performing a large number of scans simultaneously, should an...