27 matches found
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...
PT-2026-38444
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...
EUVD-2019-16170
Malware in sbrugna...
EUVD-2020-20224
Malware in sbrugna...
EUVD-2022-31075
Malicious code in bioql PyPI...
CVE-2019-6611
When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The...
F5 Networks BIG-IP : CGNAT LSN vulnerability (K04048104)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.3.1 / 15.1.1 / 16.0.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K04048104 advisory. - On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5...
K54082580: BIG-IP CGNAT LSN vulnerability CVE-2022-26517
Security Advisory Description When the BIG-IP CGNAT Large Scale NAT LSN pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-26517 For more information about packet filters, refer to th...
K25451853: TMUI XSS vulnerability CVE-2022-28716
Security Advisory Description A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28716 Impact An attacker ma...
K04048104: CGNAT LSN vulnerability CVE-2020-27720
Security Advisory Description When processing NAT66 traffic with Port Block Allocation PBA mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel TMM to restart...
K47527163: CGNAT/PPTP vulnerability CVE-2019-6611
Security Advisory Description When processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured wit...
CVE-2022-28716
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...
CVE-2022-26517
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT LSN pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkern...
F5 Networks BIG-IP : BIG-IP CGNAT LSN vulnerability (K54082580)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K54082580 advisory. - On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, an...
PT-2022-19192 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to 16.1.2.2 BIG-IP versions prior to 15.1.5.1 BIG-IP versions prior to 14.1.4.6 BIG-IP versions prior to 13.1.5 BIG-IP versions 12.1.x and earlier BIG-IP versions 11.6.x and earlier Description: A DOM-based cross-site...
CVE-2022-26517
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT LSN pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkern...
Design/Logic Flaw
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation PBA mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may...
CVE-2020-27720
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation PBA mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may...
CVE-2020-27720
CVE-2020-27720 affects F5 BIG-IP LTM/CGNAT where processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, with dag-ipv6-prefix-len under 128, may trigger a restart of the Traffic Management Microkernel (TMM). Affected versions include 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14...
F5 BIG-IP LTM/CGNAT Security Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other functions from F5 Corporation. A security vulnerability exists in F5 BIG-IP LTM/CGNAT, which can be exploited by an attacker to trigger a denial of...