Lucene search
+L

324 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.20 views

K58290051: BIG-IP AFM vulnerability CVE-2020-5937

Security Advisory Description The Traffic Management Microkernel TMM may produce a core file while processing layer 4 L4 behavioral denial-of-service DoS traffic. CVE-2020-5937 Impact The BIG-IP system may temporarily fail to process traffic as it recovers from a TMM restart, and devices configur...

7.5CVSS7.4AI score0.01258EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.13 views

K72423000: The BIG-IP AFM ACL and IPI features may not function as designed

Security Advisory Description This issue occurs when all of the following conditions are met: You have provisioned and configured the BIG-IP AFM module. Your system has active TCP half-open mitigations. Impact Some BIG-IP AFM features like access control lists ACLs and IP Intelligence IPI are not...

6.7AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:58 p.m.40 views

K25160703: BIG-IP AFM vulnerability CVE-2020-5920

Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. CVE-2020-5920 Impact An attacker may be able to extract table name enumeration and user account names. All other data...

4.3CVSS5.5AI score0.00859EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.20 views

K60344652: BIG-IP AFM vulnerability CVE-2020-27714

Security Advisory Description On the BIG-IP AFM, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic. CVE-2020-27714 Impact The...

7.5CVSS7.4AI score0.01002EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.28 views

K92306170: BIG-IP AFM single endpoint flood/sweep DoS vector security exposure

Security Advisory Description BIG-IP AFM single endpoint sweep and single endpoint flood DoS vector configuration states are unexpectedly disabled after updating/upgrading software to BIG-IP 14.1.0 and later. This issue occurs when all of the following conditions are met: You updated/upgraded you...

6.7AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.50 views

K25451853: TMUI XSS vulnerability CVE-2022-28716

Security Advisory Description A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28716 Impact An attacker ma...

8.8CVSS7.3AI score0.00711EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.38 views

K16101409: BIG-IP AFM vulnerability CVE-2022-23028

Security Advisory Description When global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. CVE-2022-23028 Impact This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...

5.3CVSS5.4AI score0.00889EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.36 views

K24358905: BIG-IP AFM virtual server vulnerability CVE-2022-23018

Security Advisory Description When a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23018 Impact Traffic is disrupted while the TMM process restarts. This...

7.5CVSS7.6AI score0.0092EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.34 views

K20682450: BIG-IP AFM vulnerability CVE-2017-6142

Security Advisory Description X509 certificate verification was not correctly implemented in the early access "user id" feature in the BIG-IP Advanced Firewall Manager, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. CVE-2017-6142 Impact In affected...

5.8CVSS5AI score0.00401EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.31 views

K00721320: BIG-IP AFM NAT64 policy vulnerability CVE-2022-41806

Security Advisory Description When a BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-41806 Impact System performance can degrade until the TMM...

7.5CVSS7.5AI score0.00616EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.23 views

K54892865: BIG-IP AFM vulnerability CVE-2022-23024

Security Advisory Description When the IPsec application layer gateway ALG logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23024 Impact Traffic is disrupted while the TMM process...

7.5CVSS7.4AI score0.00904EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:45 p.m.24 views

K76518456: BIG-IP AFM vulnerability CVE-2021-22983

Security Advisory Description Authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. CVE-2021-22983 Impact BIG-IP When you access the BIG-IP system using a client that has the BIG-IP AFM...

5.4CVSS5.8AI score0.00492EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:45 p.m.30 views

K95010813: The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes

Security Advisory Description The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes. This issue occurs when all of the following conditions are met: You configure a port misuse policy for DNS and a service policy on the BIG-IP AFM system. The...

6.7AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.38 views

K21121741: BIG-IP AFM SQL injection vulnerability CVE-2019-6658

Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. CVE-2019-6658 Impact An attacker may be able to extract table name enumeration and user account names. All other data available through the...

4.3CVSS5.5AI score0.00686EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.46 views

K39428424: SQL injection vulnerability CVE-2017-0304

Security Advisory Description The SQL injection vulnerability in the Configuration utility is related to the BIG-IP AFM system. CVE-2017-0304 Impact An attacker can exploit this vulnerability regardless of the BIG-IP AFM provisioning configuration; however, exploiting this vulnerability does not...

5.5CVSS6.1AI score0.0099EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.50 views

K93723284: BIG-IP PEM and AFM TMUI, TMSH, and iControl REST vulnerability CVE-2022-41813

Security Advisory Description When the BIG-IP system is provisioned with the PEM or AFM module, an undisclosed input can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-41813 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

6.5CVSS6.5AI score0.00595EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:30 p.m.39 views

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...

4.3CVSS5.3AI score0.10913EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:11 p.m.26 views

K15746: Linux kernel vulnerability CVE-2012-4542

Security Advisory Description Description block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping...

4.6CVSS8AI score0.00349EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2023/02/21 6:10 p.m.36 views

K16318: OpenSSL vulnerability CVE-2015-0287

Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...

5CVSS6.8AI score0.0837EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.5 views

SUSE CVE-2010-2642

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font in conjunctio...

7.6CVSS8.1AI score0.1427EPSS
Exploits0References8
Rows per page
Query Builder