404 matches found
K000137270: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-21789
Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-21789 Impact System performance can degrade until the bd process is either forced to restart or is...
K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
K000135873: BIG-IP Websockets vulnerability CVE-2024-21849
Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. CVE-2024-21849 Impact Traffic is disrupted while the TMM process restarts...
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. CVE-2024-22389 Impact This vulnerability may allow a highly privileged, remote, authenticated attacker to use deleted or updated API...
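The practical consequence of the HA desync described above is that a token you deleted or shortened on the active unit may still be honoured by the standby. The following is an added example (not F5's code and not from the advisory) of the cross-peer audit a practitioner would run: pull the token listing from each peer and diff them. It assumes the listing has been fetched from each device's iControl REST token endpoint (assumed to be `GET /mgmt/shared/authz/tokens`) and that each entry carries `token`, `userName` and `expirationMicros` fields; the two listings below are constructed sample data, not real tokens.

```python
"""Diff iControl REST token inventories between two BIG-IP HA peers.

Added example illustrating the check for CVE-2024-22389-style desync; the
endpoint, field names and sample data are assumptions, not F5 documentation.
"""
from typing import Dict, List


def index_tokens(listing: List[dict]) -> Dict[str, dict]:
    """Key each token record by its token string."""
    return {entry["token"]: entry for entry in listing}


def find_unsynced_tokens(active: List[dict], standby: List[dict],
                         now_micros: int) -> List[str]:
    """Return human-readable findings for tokens whose state differs between
    the active and standby units, or that are past expiry yet still listed."""
    a = index_tokens(active)
    s = index_tokens(standby)
    findings = []

    # Token exists on the standby but was deleted on the active: still usable
    # against the standby until it expires there.
    for tok in sorted(s.keys() - a.keys()):
        findings.append(
            f"token {tok[:6]}... ({s[tok]['userName']}) present on standby "
            f"but absent on active (deletion not synced)")

    # Token exists on both but the expiry was updated on only one side.
    for tok in sorted(a.keys() & s.keys()):
        exp_a = a[tok].get("expirationMicros")
        exp_s = s[tok].get("expirationMicros")
        if exp_a != exp_s:
            findings.append(
                f"token {tok[:6]}... ({a[tok]['userName']}) expiry differs: "
                f"active={exp_a} standby={exp_s}")

    # Expired tokens still listed on either peer are worth cleaning up too.
    for label, inv in (("active", a), ("standby", s)):
        for tok, entry in sorted(inv.items()):
            if entry.get("expirationMicros", 0) < now_micros:
                findings.append(
                    f"token {tok[:6]}... ({entry['userName']}) on {label} "
                    f"is past expiry but still listed")
    return findings


# Constructed sample listings (not real tokens). Times are microseconds since
# the epoch, matching the assumed expirationMicros field.
NOW = 1_700_000_000_000_000
ACTIVE = [
    {"token": "AAAAAAAAAAAAAAAAAAAAAAAAAA", "userName": "admin",
     "expirationMicros": NOW + 1_200_000_000},
    {"token": "BBBBBBBBBBBBBBBBBBBBBBBBBB", "userName": "ops",
     "expirationMicros": NOW + 600_000_000},
]
STANDBY = [
    {"token": "AAAAAAAAAAAAAAAAAAAAAAAAAA", "userName": "admin",
     "expirationMicros": NOW + 36_000_000_000},   # timeout shortened on active only
    {"token": "BBBBBBBBBBBBBBBBBBBBBBBBBB", "userName": "ops",
     "expirationMicros": NOW + 600_000_000},
    {"token": "CCCCCCCCCCCCCCCCCCCCCCCCCC", "userName": "svc-deploy",
     "expirationMicros": NOW + 300_000_000},       # deleted on active, lingering here
]

if __name__ == "__main__":
    for line in find_unsynced_tokens(ACTIVE, STANDBY, NOW):
        print(line)
```

Run it against both peers after every token revocation until the fixed release is installed; anything reported for the standby has to be deleted there directly, since the deletion will not propagate.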
PT-2023-9646 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: The issue is related to improper handling of frames with VLAN tag information, which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditi...
Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-6b89bc0305)
SPDX-FileCopyrightText: 2023 Greenbone AG. SPDX-License-Identifier: GPL-2.0-only. The remote host is missing an update for the package named in this advisory. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...
[SECURITY] Fedora 39 Update: golang-github-envoyproxy-control-plane-0.11.1-1.fc39
Go implementation of data-plane-api...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person could exploit the vulnerability to execute arbitrary code on the system. For successful exploitation, the malicious party must have physical or LAN access to the physical management port of the vulnerable device, or have acces...
K000133467: BIG-IP HTTP/2 vulnerability CVE-2023-40534
Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTP_REQUEST event or a Local Traffic Policy is associated with t...
K000134652: BIG-IP TCP profile vulnerability CVE-2023-40542
Security Advisory Description When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-40542 Impact System performance can degrade until the Traffic Management Microkernel (TMM)...
Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-f122ea1b3e)
SPDX-FileCopyrightText: 2023 Greenbone AG. SPDX-License-Identifier: GPL-2.0-only. The remote host is missing an update for the package named in this advisory. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...
[SECURITY] Fedora 38 Update: golang-github-envoyproxy-control-plane-0.11.1-1.fc38
Go implementation of data-plane-api...
Code injection
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium >= v1.13 or io.cilium.proxy-visibility annotations in Cilium...
CVE-2023-41333
Cilium is vulnerable: an attacker who can create or modify CiliumNetworkPolicy objects in a namespace can bypass namespace restrictions and affect traffic across the entire cluster by crafting an endpointSelector that uses the DoesNotExist operator on the reserved:init label. The issue requires API ...
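The pattern named above is easy to audit for in existing policies before upgrading. The following is an added example, not Cilium project code: it walks CiliumNetworkPolicy objects (as `kubectl get cnp -A -o json` would return them, here constructed inline as Python dicts) and reports any `endpointSelector` whose `matchExpressions` applies `DoesNotExist` to the `reserved:init` key. It checks both the single `spec` and the `specs` list form of a CNP; the exact key spelling `reserved:init` is taken from the advisory text, and other spellings are not handled.

```python
"""Flag CiliumNetworkPolicy endpointSelectors that use DoesNotExist on the
reserved:init label (the selector shape described for CVE-2023-41333).

Added example; the sample policies below are constructed, not from a cluster.
"""
from typing import List

RESERVED_INIT_KEY = "reserved:init"  # label key named in the advisory


def _selector_findings(selector: dict, where: str) -> List[str]:
    """Inspect one label selector's matchExpressions for the risky pattern."""
    findings = []
    for expr in selector.get("matchExpressions") or []:
        key = expr.get("key", "")
        op = expr.get("operator", "")
        if key == RESERVED_INIT_KEY and op == "DoesNotExist":
            findings.append(f"{where}: DoesNotExist on {key} matches every "
                            f"initialised endpoint cluster-wide")
    return findings


def audit_policy(policy: dict) -> List[str]:
    """Return findings for a single CiliumNetworkPolicy object."""
    meta = policy.get("metadata") or {}
    name = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
    # A CNP carries either a single spec or a list under specs.
    specs = []
    if policy.get("spec"):
        specs.append(policy["spec"])
    specs.extend(policy.get("specs") or [])
    findings = []
    for i, spec in enumerate(specs):
        sel = spec.get("endpointSelector") or {}
        findings += _selector_findings(sel, f"{name} spec[{i}].endpointSelector")
    return findings


def audit_policies(policies: List[dict]) -> List[str]:
    """Audit a list of CNP objects, e.g. the items of a kubectl JSON list."""
    out = []
    for p in policies:
        out += audit_policy(p)
    return out


# Constructed sample policies (what the API would return, minus noise).
BENIGN_POLICY = {
    "metadata": {"name": "web-ingress", "namespace": "shop"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "web"}},
        "ingress": [{"fromEndpoints": [{"matchLabels": {"role": "frontend"}}]}],
    },
}

CRAFTED_POLICY = {
    "metadata": {"name": "allow-everything", "namespace": "tenant-b"},
    "spec": {
        "endpointSelector": {
            "matchExpressions": [{"key": "reserved:init", "operator": "DoesNotExist"}]
        },
        "ingress": [{}],  # an empty rule allows all ingress to selected endpoints
    },
}

if __name__ == "__main__":
    for line in audit_policies([BENIGN_POLICY, CRAFTED_POLICY]):
        print(line)
```

Any hit should be treated as a cluster-wide policy change regardless of the namespace the object lives in, and the author of that object should have the RBAC right to create CNPs reviewed.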
CVE-2023-39347
Cilium CVE-2023-39347: An attacker with Kubernetes API Server access can update pod labels, causing Cilium to apply incorrect network policies because it uses user-provided labels to select policies. This can bypass policies when a pod label (e.g., namespace) resolves to non-existent constructs, affecti...
The vulnerability of the Routing Protocol Data Plane (RPDP) in Juniper Networks' Junos OS and Junos OS Evolved operating systems allows an attacker to cause a service failure.
The vulnerability of the Routing Protocol Data Plane (RPDP) in Juniper Networks' Junos OS and Junos OS Evolved operating systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
Code injection
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...
K000132686: TLS Triple Handshake Attack vulnerability
Security Advisory Description The original TLS protocol includes a weakness in master secret negotiation, potentially allowing the Triple Handshake Attack that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. Impact This vulnerability may allow an unauthenticated...
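Whether a TLS 1.2 peer actually negotiated EMS is visible on the wire: the client offers the empty `extended_master_secret` extension (type 0x0017) in its ClientHello and the server echoes it in the ServerHello; if the echo is absent, the session uses the legacy master secret derivation that the Triple Handshake Attack relies on. The block below is an added example, not F5's code, that builds a minimal TLS 1.2 ClientHello offering EMS and parses a ServerHello record to decide whether EMS was accepted. The ServerHello bytes it checks are constructed by its own builder; the cipher suites and signature algorithm listed are illustrative choices, and TLS 1.3 is out of scope since its key schedule already binds the transcript.

```python
"""Build a TLS 1.2 ClientHello offering extended_master_secret and check a
ServerHello for the extension (RFC 7627). Added example; records here are
constructed locally, not captured from a real server."""
import os
import struct
from typing import Dict

EXT_EXTENDED_MASTER_SECRET = 0x0017  # RFC 7627 extension type
EXT_SIGNATURE_ALGORITHMS = 0x000D
TLS12 = b"\x03\x03"
HANDSHAKE = 22
CLIENT_HELLO, SERVER_HELLO = 1, 2


def _extension(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def _handshake(msg_type: int, body: bytes) -> bytes:
    return struct.pack("!B", msg_type) + len(body).to_bytes(3, "big") + body


def _record(payload: bytes) -> bytes:
    return struct.pack("!B2sH", HANDSHAKE, TLS12, len(payload)) + payload


def build_client_hello(offer_ems: bool = True) -> bytes:
    """Minimal TLS 1.2 ClientHello; illustrative suite list (assumption)."""
    suites = b"\xc0\x2f\xc0\x30"  # ECDHE-RSA-AES128-GCM-SHA256, ...256-GCM-SHA384
    exts = _extension(EXT_SIGNATURE_ALGORITHMS, b"\x00\x02\x04\x01")  # rsa_pkcs1_sha256
    if offer_ems:
        exts += _extension(EXT_EXTENDED_MASTER_SECRET, b"")  # body MUST be empty
    body = (TLS12 + os.urandom(32) + b"\x00"            # version, random, no session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    return _record(_handshake(CLIENT_HELLO, body))


def build_server_hello(accept_ems: bool) -> bytes:
    """Constructed ServerHello that either echoes EMS or omits it."""
    exts = _extension(EXT_EXTENDED_MASTER_SECRET, b"") if accept_ems else b""
    body = TLS12 + os.urandom(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    return _record(_handshake(SERVER_HELLO, body))


def _hello_extensions(record: bytes, expected_type: int) -> Dict[int, bytes]:
    """Parse a single handshake record and return {ext_type: ext_body}."""
    ctype, _ver, rec_len = struct.unpack("!B2sH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != expected_type:
        raise ValueError(f"expected handshake type {expected_type}, got {hs[0]}")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                        # skip version and random
    pos += 1 + body[pos]                # session id
    if expected_type == CLIENT_HELLO:   # vectors of suites and compressions
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 1 + body[pos]
    else:                               # single suite and compression method
        pos += 2 + 1
    exts: Dict[int, bytes] = {}
    if pos >= len(body):                # no extensions block at all
        return exts
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts


def client_offers_ems(record: bytes) -> bool:
    return _hello_extensions(record, CLIENT_HELLO).get(EXT_EXTENDED_MASTER_SECRET) == b""


def server_negotiated_ems(record: bytes) -> bool:
    """True only if the server echoed an empty extended_master_secret extension."""
    return _hello_extensions(record, SERVER_HELLO).get(EXT_EXTENDED_MASTER_SECRET) == b""
```

In a live check, `build_client_hello()` is what you would send on a socket and `server_negotiated_ems()` what you would run on the first record read back; a server that answers a TLS 1.2 ClientHello carrying the extension without echoing it is still vulnerable to the attack the advisory describes.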
K06323049: BIG-IP IPsec ALG vulnerability CVE-2022-29473
Security Advisory Description When an IPsec ALG profile is configured on a virtual server, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-29473 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an unauthenticated...
K59197053: BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651
Security Advisory Description When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-34651 Impact Traffic is disrupt...