F5 BIG-IP ASM Input Validation Error Vulnerability
F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 USA that provides secure remote access, protects email, and simplifies web access control while enhancing network and application performance. BIG-IP ASM suffers from an input validation error vulnerability that stems from a possible client...
F5 Networks BIG-IP : BIG-IP ASM WebSocket vulnerability (K88230177)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K88230177 advisory. - On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x...
F5 Networks BIG-IP : BIG-IP ASM Bot Defense open redirection vulnerability (K33440533)
When receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may subject clients and web servers to...
OESA-2021-1022 nasm security update
NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump. Securi...
SUSE SLED15 / SLES15 Security Update : wavpack (SUSE-SU-2021:0186-1)
This update for wavpack fixes the following issues : Update to version 5.4.0 - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples bsc1180414 - fixed: disable A32 asm code when building for Apple silicon - fixed: issues with Adobe-style floating-point WAV files - added:...
Siemens JT2Go ASM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASM...
Siemens JT2Go ASM File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASM...
CVE-2020-26990
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage...
CVE-2020-26991
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An...
Type confusion
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage...
Design/Logic Flaw
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An...
CVE-2020-26990
CVE-2020-26990 affects Siemens JT2Go and Teamcenter Visualization (all versions before 13.1.0.1). The issue arises when parsing ASM files: user-supplied data may trigger a type confusion, enabling code execution in the context of the affected process. Connected advisories (ZDI-21-055, ICSA-21-040...
PT-2021-11291 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 13.1.0.2; Teamcenter Visualization versions prior to 13.1.0.2. Description: A vulnerability has been identified in the affected applications, where they lack proper validation of user-supplied data when parsing ASM files...
PT-2021-11290 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 13.1.0.1; Teamcenter Visualization versions prior to 13.1.0.1. Description: A vulnerability has been identified in the affected applications, where they lack proper validation of user-supplied data when parsing ASM files...
CVE-2020-27728
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, the Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices...
Improper access control
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, the Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices...