F5 Networks BIG-IP : BIG-IP APM virtual server vulnerability (K46901953)

In certain circumstances, an attacker sending specifically crafted requests to aBIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management MicrokernelTMM. CVE-2020-5874 Impact An attacker may be able to perform a denial-of-service DoS attack on a BIG-IP system ...

F5 Networks BIG-IP : TMM vulnerability (K43450419)

Undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure. CVE-2020-5871 Impact...

The vulnerability in the collection of libraries and drivers for fast packet processing in dpdk, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the library and driver set for fast packet processing in dpdk is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted VRINGSETNUM messages...

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

CVE-2020-5862

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

Design/Logic Flaw

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

F5 Networks BIG-IP : TMM vulnerability (K06747393)

Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processingtraffic when processed by an iRule. CVE-2019-6677 Impact The Traffic Management Microkernel TMM may generate a core file and restart, causing a traffic disruption or failover event.Th...

F5 Networks BIG-IP : TLS 1.3 vulnerability (K34450231)

BIG-IP virtual servers with TLS 1.3 enabled may experience a denial-of-service DoS due to undisclosed incoming messages. CVE-2019-6659 Impact BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator Undisclosed messages sent to a TLS 1.3-enabled...

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K81557381)

When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel TMM. CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to cause a disruption of service...

Weak Password Vulnerability in Tianrongxin NGFW® Next-Generation Firewall

NGFW®, the next-generation firewall of TIANRONGXIN, adopts its own patented operating system NGTOS and security engine, utilizes the advanced Intel® Xeon® processor family and integrates the packet processing framework provided by Intel® Data Plane Development Kit to provide network processing...

DEBIAN-CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...

CVE-2019-15261

A vulnerability in the Point-to-Point Tunneling Protocol PPTP VPN packet processing functionality in Cisco Aironet Access Points APs could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to...

CVE-2019-15261 Cisco Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability

A vulnerability in the Point-to-Point Tunneling Protocol PPTP VPN packet processing functionality in Cisco Aironet Access Points APs could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability is due to...

Cross site scripting

On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not...

CVE-2019-6629

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...