23 matches found
EUVD-2019-16231
Malware in sbrugna...
EUVD-2024-19377
Malicious code in bioql PyPI...
CVE-2019-6672
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded...
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end o...
CVE-2024-21763
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel TMM to terminate. NOTE: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-21763
CVE-2024-21763 affects BIG-IP AFM (part of BIG-IP) where when DoS or a DoS profile is configured with NXDOMAIN attack vectors and bad-actor detection, undisclosed queries can trigger a crash of the Traffic Management Microkernel (TMM), causing a DoS condition. The primary published details indica...
F5 Networks BIG-IP : BIG-IP AFM vulnerability (K000137521)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137521 advisory. When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queri...
PT-2024-19042 · F5 · Big-Ip Afm
Name of the Vulnerable Software and Affected Versions: BIG-IP AFM affected versions not specified Description: When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel TMM to...
When the burnToMint function is enabled, any bad actor can transfer the nft-to-burn when it receives the newly minted nft, getting burned after he no longer is the owner.
Lines of code Vulnerability details Impact Medium impact, it affects the functionallity of the nfts with other contracts, as they wouldn't want to interact with tokens that could get burned. Explanation in the NextGenCore contract, the burnToMint function has the minting of the new nft, which mak...
Possibility of security vulnerabilities introduced by creating ERC20ProxyDelegator instances on the fly using static salt values
Lines of code Vulnerability details Impact Security risks associated with deploying proxy contracts via deterministic addresses that can be easily calculated. In deployProxyDelegatorIfNeeded, in the case that extcodesizeproxyAddress == 0, then a proxy contract is instantiated ad hoc via new...
CVE-2023-41316 HTML Injection with email in Tolgee
Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...
HTML Injection - real Aptabase emails
Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...
bad actore can increase gas usage in swapfrom function
Lines of code Vulnerability details Impact bad actor can increase gas in swapfrom function because everytime calling swapfrom function it store new unit and everytime runs the loop for length of it Proof of Concept the swapfrom function includes function setReservesIERC20 memory tokens, uint256...
K14703097: BIG-IP AFM vulnerability CVE-2019-6672
Security Advisory Description When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. CVE-2019-6672 Impact The affected BIG-IP AFM system's CPU usage increases and may cause the legitimate...
Service Fabric Privilege Escalation from Containerized Workloads on Linux
Under Coordinated Vulnerability Disclosure CVD, cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric SF Linux clusters CVE-2022-30137. The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...
Microsoft Azure 'AutoWarp' Bug Could Have Let Attackers Access Customers' Accounts
Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the...
Code injection
In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...
CVE-2019-6672
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded...
CVE-2019-6672
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded...
Hardcoded credentials
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded...