788 matches found
K16318: OpenSSL vulnerability CVE-2015-0287
Security Advisory Description The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...
K41351250: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23031
Security Advisory Description An authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. CVE-2021-23031 Impact When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary...
SUSE CVE-2017-17812
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read in the function detoken in asm/preproc.c that will cause a remote denial of service attack...
SUSE CVE-2018-8881
Netwide Assembler NASM 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string...
SUSE CVE-2018-10016
Netwide Assembler NASM 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file...
SUSE CVE-2018-19216
Netwide Assembler NASM before 2.13.02 has a use-after-free in detoken at asm/preproc.c...
SUSE CVE-2019-20334
In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
SUSE CVE-2020-24978
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7...
SUSE CVE-2021-45256
A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c...
CVE-2023-23552
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource...
CVE-2023-23552
CVE-2023-23552 affects BIG-IP Advanced WAF (AWAF) and ASM when configured on a virtual server; undisclosed requests can cause memory resource utilization leading to potential DoS. Affected: 17.0.x < 17.0.0.2, 16.1.x < 16.1.3.3, 15.1.0 < 15.1.8, 14.1.x
CVE-2023-23552 BIG-IP Advanced WAF and ASM vulnerability
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource...
K000130496: Overview of F5 vulnerabilities (February 2023)
Security Advisory Description On February 1, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K17542533: BIG-IP Advanced WAF and ASM vulnerability CVE-2023-23552
Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-23552 Impact System performance can degrade until the Traffic Management Microkernel (TMM)...
F5 BIG-IP AWAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP AWAF and ASM, where when a BIG-IP Advanced WAF or BIG-IP ASM security...
PT-2023-19034 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 13.1.x; F5 BIG-IP versions 14.1.x through 14.1.5.3; F5 BIG-IP versions 15.1.0 through 15.1.8; F5 BIG-IP versions 16.1.x through 16.1.3.3; F5 BIG-IP versions 17.0.x through 17.0.0.2. Description: When a BIG-IP Advanced WAF or...
CVE-2022-47967
A vulnerability has been identified in Solid Edge All versions V2023 MP1. The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the...
Memory corruption
A vulnerability has been identified in Solid Edge All versions V2023 MP1. The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the...
K14317: OpenSSH J-PAKE vulnerability CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate. F5 products do not include J-PAKE in the OpenSSH programs a...