788 matches found
Privilege escalation
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which...
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software version...
CVE-2021-23031
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which...
CVE-2021-23036
CVE-2021-23036 affects F5 BIG-IP TMM when BIG-IP ASM and DataSafe are configured on a virtual server; undisclosed requests can crash TMM, causing DoS. Affected 16.0.x likely until 16.0.1.2; fixes are in 16.0.1.2 and 16.1.0 per advisory K05043394. Remediation: upgrade to a version with the fix (16...
CVE-2021-23033
CVE-2021-23033 affects BIG-IP Advanced WAF and BIG-IP ASM WebSocket processing. When a WebSocket profile is configured on a virtual server, undisclosed requests can cause the bd process to terminate, resulting in DoS. Affected software/branches include BIG-IP AWAF/ASM 16.x before 16.1.0x, 15.1.x ...
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...
CVE-2021-23053
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to...
Design/Logic Flaw
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to...
CVE-2021-23050
CVE-2021-23050 affects BIG-IP Advanced WAF and BIG-IP ASM (and related NGINX App Protect) when a CSRF-enabled policy is configured on a virtual server. The vulnerability can cause the bd process to terminate due to an undisclosed HTML response, leading to DoS as described in vendor advisories. Af...
CVE-2021-23053
Summary (CVE-2021-23053): The vulnerability affects BIG-IP with Advanced WAF/ASM brute-force protection enabled on a virtual server. Under a brute-force attack, the MySQL database may exhaust disk space due to the absence of a row limit on undisclosed tables. Affected versions: BIG-IP 15.1.x befo...
EulerOS 2.0 SP2 : nasm (EulerOS-SA-2021-2410)
According to the version of the nasm package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Netwide Assembler NASM 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. CVE-2018-88...
F5 BIG-IP Advanced WAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. In the F5 BIG-IP Advanced WAF and ASM denial of service vulnerability, a specific HTML return page can cause the bd proces...
F5 BIG-IP Advanced WAF and ASM unspecified vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP Advanced WAF and ASM due to a JSON content profile referenced in an AWAF/ASM...
F5 BIG-IP Advanced WAF and ASM WebSocket Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP Advanced WAF and ASM WebSocket, which originates from the BIG-IP...
F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP Advanced WAF and ASM MySQL database denial of service vulnerability is associated with a policy on Virtual Serve...
F5 BIG-IP Advanced WAF and ASM WebSocket Denial of Service Vulnerability (CNVD-2021-65633)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. When a WebSocket profile is configured on the virtual server of BIG-IP AWAF/ASM, undisclosed requests may cause the bd proces...
F5 BIG-IP Advanced WAF and ASM TMUI server-side request forgery vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which could be exploited by an attacker with...
F5 BIG-IP Advanced WAF and ASM TMUI unspecified vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An unspecified vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which, when exploited, allows an authenticated...