
788 matches found

CVE
added 2022/01/25 7:11 p.m. | 106 views

CVE-2022-23026

CVE-2022-23026 affects F5 BIG-IP ASM and Advanced WAF (REST API endpoint). An authenticated user with low privileges (e.g., guest) can upload data via an undisclosed REST endpoint, causing increased disk resource utilization. This is a control-plane issue with no data-plane exposure. According to...

4.3 CVSS | 4.9 AI score | 0.00739 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
The Coalfire Blog
added 2022/01/20 11:28 p.m. | 14 views

The right ASM tools include understanding where the real risk lies

While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities where companies aren't looking or maybe not prioritizing and reaping the reward through bug bounty programs...

3.3 AI score
Exploits: 0
Tenable Nessus
added 2022/01/19 12:0 a.m. | 33 views

F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF REST API endpoint vulnerability (K08402414)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08402414 advisory. - On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1,...

4.3 CVSS | 5.3 AI score | 0.00739 EPSS
Exploits: 0 | References: 2
Oracle linux
added 2022/01/10 12:0 a.m. | 50 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.510.5.2 - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate Darrick J. Wong Orabug: 33722441 CVE-2021-4155 4.14.35-2047.510.5.1 - fget: check that the fd still exists after getting a ref to it Linus Torvalds Orabug: 33679805 CVE-2021-0920 - fs: add fget_many and...

6.9 CVSS | 0.2 AI score | 0.00811 EPSS
Exploits: 0
OSV
added 2021/12/22 5:15 p.m. | 2 views

DEBIAN-CVE-2021-45256

A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c...

5.5 CVSS | 5.7 AI score | 0.0061 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2021/12/22 5:15 p.m. | 15 views

CVE-2021-45256

A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c...

5.5 CVSS | 6.1 AI score | 0.0061 EPSS
Exploits: 0 | References: 2
CVE
added 2021/12/22 4:30 p.m. | 62 views

CVE-2021-45256

CVE-2021-45256 affects nasm 2.16rc0, with the vulnerability located in asm/preproc.c where a null pointer dereference occurs. The declared impact in public sources indicates a denial of service via a crash when exploited locally. Public documents do not provide exploit details, affected version r...

5.5 CVSS | 5.4 AI score | 0.0061 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2021/12/22 4:30 p.m. | 23 views

CVE-2021-45256

A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c...

5.5 CVSS | 5.4 AI score | 0.0061 EPSS
Exploits: 0
IBM Security Bulletins
added 2021/11/25 9:4 a.m. | 41 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE...

5.8 CVSS | 5.1 AI score | 0.03713 EPSS
Exploits: 0 | Affected Software: 1
Oracle linux
added 2021/11/02 12:0 a.m. | 55 views

Unbreakable Enterprise kernel security update

4.1.12-124.57.1 - target; fix print statement warning John Donnelly Orabug: 33495661 - enic;: fix warning on moduleparam disablevlan0, John Donnelly Orabug: 33495661 - bnx2fc: correct BNX2FCTMTIMEOUT to be 60 sec John Donnelly Orabug: 33495661 - target: Fix linux-4.1.y specific compile warning...

7.7 CVSS | 7.2 AI score | 0.039 EPSS
Exploits: 3
OSV
added 2021/09/14 11:15 p.m. | 2 views

CVE-2021-23029

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have...

8.8 CVSS | 5.8 AI score | 0.00847 EPSS
Exploits: 0 | References: 1
Prion
added 2021/09/14 11:15 p.m. | 32 views

Server side request forgery (ssrf)

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have...

6.5 CVSS | 8.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2021/09/14 10:1 p.m. | 21 views

CVE-2021-23029

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have...

8.9 AI score | 0.00847 EPSS
Exploits: 0 | References: 1
CVE
added 2021/09/14 10:1 p.m. | 68 views

CVE-2021-23029

CVE-2021-23029 affects BIG-IP Advanced WAF and ASM TMUI. Insufficient permission checks may allow authenticated users with guest privileges to perform SSRF via the TMUI/ASM configuration utility. Affected versions include 16.0.x before 16.0.1.2; fixed in 16.0.1.2 and 16.1.0+ per F5 advisories. Re...

8.8 CVSS | 8.6 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
NVD
added 2021/09/14 9:15 p.m. | 19 views

CVE-2021-23030

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software...

7.5 CVSS | 0.0093 EPSS
Exploits: 0 | References: 1
NVD
added 2021/09/14 9:15 p.m. | 16 views

CVE-2021-23028

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...

7.5 CVSS | 0.00904 EPSS
Exploits: 0 | References: 1
Prion
added 2021/09/14 9:15 p.m. | 27 views

Code injection

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software...

5 CVSS | 7.5 AI score | 0.0093 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2021/09/14 8:53 p.m. | 69 views

CVE-2021-23028

Summary: CVE-2021-23028 affects F5 BIG-IP Advanced WAF and ASM. When JSON content profiles are configured for URLs in an AWAF/ASM security policy and applied to a virtual server, undisclosed requests can cause the BIG-IP ASM bd process to terminate, resulting in a denial of service to the data pl...

7.5 CVSS | 7.5 AI score | 0.00904 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2021/09/14 8:53 p.m. | 24 views

CVE-2021-23028

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...

7.8 AI score | 0.00904 EPSS
Exploits: 0 | References: 1
CVE
added 2021/09/14 8:43 p.m. | 68 views

CVE-2021-23030

CVE-2021-23030 affects BIG-IP Advanced WAF/ASM: when a WebSocket profile is configured on a virtual server, undisclosed requests can cause the bd process to terminate, causing DoS. Affected versions include 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1...

7.5 CVSS | 7.5 AI score | 0.0093 EPSS
Exploits: 0 | References: 1 | Affected Software: 2