324 matches found
CVE-2024-21763
CVE-2024-21763 affects BIG-IP AFM (part of BIG-IP) where when DoS or a DoS profile is configured with NXDOMAIN attack vectors and bad-actor detection, undisclosed queries can trigger a crash of the Traffic Management Microkernel (TMM), causing a DoS condition. The primary published details indica...
CVE-2024-21771 F5 AFM Signature Matching Vulnerability
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel TMM restarting and traffic disruption. Note: Software versions which have reached End of Technical Support EoTS are no...
CVE-2024-21771
CVE-2024-21771 affects BIG-IP AFM where the IPS engine may spend excessive time matching traffic against signatures for unspecified traffic patterns, causing TMM to restart and traffic disruption. Public documents confirm impacted product is BIG-IP AFM with IPS/VPN features enabled under Protocol...
K000137521: BIG-IP AFM vulnerability CVE-2024-21763
Security Advisory Description When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-21763 Impact Traffic is disrupted while the TMM process restarts...
K000137595: BIG-IP AFM signature matching vulnerability CVE-2024-21771
Security Advisory Description For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel TMM restarting and traffic disruption. CVE-2024-21771 Impact When attackers exploit this...
F5 Networks BIG-IP : BIG-IP AFM vulnerability (K000137521)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137521 advisory. When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queri...
F5 BIG-IP AFM Code Issue Vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A security vulnerability exists in the F5 BIG-IP AFM that stems from an undisclosed query that could cause the Traffic Management Microkernel TMM to terminate when the BIG-IP AFM appliance DoS or DoS...
[SECURITY] Fedora 39 Update: fonttools-4.43.1-1.fc39
fontTools is a library for manipulating fonts, written in Python. The project includes the TTX tool, that can convert TrueType and OpenType fonts to and from an XML text format, which is also called TTX. It supports TrueType, OpenType, AFM and to an extent Type 1 and some Mac-specific formats...
Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
F5 Networks BIG-IP : BIG-IP AFM vulnerability (K14703097)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.2 / 14.1.2.1 / 15.0.1.1 / 15.1.0. It is, therefore, affected by a vulnerability as referenced in the K14703097 advisory. - On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is...
F5 BIG-IP AFM Security Vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A security vulnerability exists in the F5 BIG-IP AFM Clients that stems from a vulnerability that allows an attacker to trick clients into sending IP traffic outside of the VPN tunnel...
F5 Networks BIG-IP : BIG-IP AFM vulnerability (K46048342)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K46048342 advisory. - On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8,...
K30425568: Overview of F5 vulnerabilities (October 2022)
Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K22843911: F5 Path MTU Discovery vulnerability CVE-2015-7759
Security Advisory Description BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service Traffic Management Microkernel TM...
K14703097: BIG-IP AFM vulnerability CVE-2019-6672
Security Advisory Description When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. CVE-2019-6672 Impact The affected BIG-IP AFM system's CPU usage increases and may cause the legitimate...
K94255403: BIG-IP AFM vulnerability CVE-2021-23040
Security Advisory Description A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. CVE-2021-23040 Impact An authenticated attacker can exploit this vulnerability to execute malicious SQL...
K16349: Linux kernel vulnerability CVE-2009-0676
Security Advisory Description Description The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt reques...
K05204103: F5 TMM vulnerability CVE-2020-5950
Security Advisory Description An early syncookie leaks forwarding flows if the virtual server has Clustered Multiprocessing CMP disabled and the BIG-IP AFM module is provisioned. CVE-2020-5950 Impact The BIG-IP system resources may be excessively consumed and potentially lead to a failover event...
K12650: PHP vulnerability CVE-2010-4645
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639
Security Advisory Description Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...