EUVD-2023-44131

Malicious code in bioql PyPI...

CVE-2023-3470

CVE-2023-3470 affects specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards, where the Crypto User password is deterministic. This enables an authenticated user with tmsh access (or someone with physical access to the FIPS HSM) to derive the correct password, potentially compromising con...

F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. - Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...

K52521791: vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507

Security Advisory Description vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. CVE-2018-5507 Impact BIG-IP The affected SSL connections are terminated unexpectedly. ARX / BIG-IQ / Enterprise Manager ...

K91158923: BIG-IP SSL/TLS ADH/DHE vulnerability CVE-2020-5929

Security Advisory Description BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a virtual server configured with a Client SSL profile, and using Anonymous Diffie-Hellman ADH or Ephemeral Diffie-Hellman DHE key exchange and Single DH use option not enabled in the options list ma...

CVE-2020-5929

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...

CVE-2020-5929

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...

CVE-2020-5929

Summary (CVE-2020-5929): BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server using a Client SSL profile, and ADH/DHE key exchange (with Single DH use not enabled) are vulnerable to crafted TLS handshakes that may recover plaintext by exploiting PMS starting with ...

PT-2020-18827 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.1 through 11.6.2 F5 BIG-IP versions 12.1.0 through 12.1.2 HF1 F5 BIG-IP versions 13.0.0 through 13.0.0 HF2 Description: The issue affects F5 BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, where a...

F5 Networks BIG-IP : BIG-IP SSL/TLS ADH/DHE vulnerability (K91158923)

BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a virtual server configured with a Client SSL profile, and using AnonymousDiffie-Hellman ADH or Ephemeral Diffie-HellmanDHE key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted...

F5 Networks BIG-IP : vCMP Cavium Nitrox SSL hardware accelerator vulnerability (K52521791)

vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. CVE-2018-5507 Impact BIG-IP The affected SSL connections are terminated unexpectedly. ARX / BIG-IQ / Enterprise Manager / F5 iWorkflow / LineRate /...

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits SDKs allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

CVE-2017-17428

CVE-2017-17428 is a Bleichenbacher-style RSA padding oracle (ROBOT) vulnerability that can allow an attacker to decrypt TLS data by exploiting RSA PKCS#1. Cisco advisories and CERT CERT/SEC records indicate multiple Cisco products (and other vendors’ TLS stacks) were affected and issued updates. ...

F5 Networks BIG-IP : TMM SSL/TLS virtual server vulnerability (K39508724)

TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a 'Vaudenay timing attack' aka 'Padding oracle attack.'CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms : The VIPRION B4450 blade and BIG-IP 2000 and 4000 series platforms are...