F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000160727)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160727 advisory. When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed...

Astra Linux - уязвимость в nasm

In Netwide Assembler NASM 2.15rc10, the SEGV condition can be triggered in toktext within asm/preproc.c by accessing the READ memory...

PT-2026-40643

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the ...

Astra Linux - уязвимость в nasm

A stack-use-after-scope issue discovered in expandmmacparams function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file...

Astra Linux - уязвимость в nasm

Buffer Overflow vulnerability in hashfindi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file...

JLSEC-2026-202

Buffer overflow vulnerability in quoteforpmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file...

CVE-2026-6067 CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler NASM due to a lack of bounds checking in the objdirective function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service crash, and...

Unsoundness in opt-in ARMv8 assembly backend for `keccak`

Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...

CVE-2026-22548

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000158072)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3. It is, therefore, affected by a vulnerability as referenced in the K000158072 advisory. When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with condition...

CVE-2026-22548 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2026-5490

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2021-22993

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development EoSD are no...

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource...

cargo-asm crate is unmaintained

The cargo-asm crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cargo-show-asm...

RUSTSEC-2025-0122 cargo-asm crate is unmaintained

The cargo-asm crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cargo-show-asm...

CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

CVE-2025-54858 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End o...

CVE-2025-61938 BIG-IP Advanced WAF and ASM bd process vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

EUVD-2020-27068

Malware in sbrugna...