788 matches found
CVE-2024-23308
CVE-2024-23308 affects BIG-IP Advanced WAF/ASM: when a policy with a Request Body Handling option is attached to a virtual server, certain requests can trigger a NULL dereference in the BD process, causing DoS by remote unauthenticated access. Impact is Denial of Service to traffic handling (data...
CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2024-21849 BIG-IP Websockets vulnerability
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-21849
CVE-2024-21849 affects BIG-IP with Advanced WAF/ASM configured and a Websockets profile on a virtual server. The underlying issue is that undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, leading to a DoS condition. The vulnerability is documented as affecting B...
K000137334: F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805
Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and th...
K000137270: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-21789
Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-21789 Impact System performance can degrade until the bd process is either forced to restart or is...
K000137416: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308
Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based...
K000138047: BIG-IP Advanced WAF and BIG-IP ASM Configuration utility vulnerability CVE-2024-23603
Security Advisory Description A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE-2024-23603 Impact A highly privileged authenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Configuration...
F5 Networks BIG-IP : BIG-IP Websockets vulnerability (K000135873)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000135873 advisory. - When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed...
F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM vulnerability (K000137416)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137416 advisory. - When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server,...
F5 Networks BIG-IP : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability (K000137334)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137334 advisory. - Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application...
PT-2024-19799 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition...
F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM Configuration utility vulnerability (K000138047)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138047 advisory. A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration...
F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability (K000137270)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137270 advisory. - When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase...
CVE-2023-33064
Transient DOS in Audio when invoking callback function of ASM driver...
Design/Logic Flaw
Transient DOS in Audio when invoking callback function of ASM driver...
CVE-2023-33064
CVE-2023-33064 is described as a Transient DoS in Audio when invoking the callback function of the ASM driver (Qualcomm chipsets). The vulnerability affects the Audio component via the ASM driver callback path and has a CVSS 3.1 base score of 5.5 (Local, Low Privileges, Low Auth, High Impact on A...
PT-2024-12389 · Unknown · Asm Driver
Name of the Vulnerable Software and Affected Versions: ASM driver affected versions not specified Description: The issue is related to a Transient Denial of Service DOS in the Audio component when the callback function of the ASM driver is invoked. This can potentially cause disruptions in audio...
asm-online.de Cross Site Scripting vulnerability OBB-3830964
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...