The vulnerability of the firmware of Arris routers such as TG2482A, TG2492, and SBG10 allows a hacker to execute arbitrary code.
The vulnerability of the firmware of Arris routers such as TG2482A, TG2492, and SBG10 is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code by sending a specially crafted request...
The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allow a perpetrator to access confidential data.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...
The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...
Schneider Electric Modicon M221 Information Management Errors (CVE-2018-7790)
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a...
The vulnerability of the AMD Secure Processor firmware is related to synchronization errors when using shared resources (“Race Conditions”). This allows a malicious actor to trigger a service failure.
The vulnerability of the AMD Secure Processor (ASP) firmware is related to synchronization errors when using shared resources (“Race Conditions”). Exploiting this vulnerability can allow an attacker to cause a service failure...
httpd: mod_proxy: HTTP response splitting
A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...
The vulnerability of Microsoft Edge browsers, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created malicious web page...
FAS: Information about Microsoft KB KB5014754/CVE-2022-34691, CVE-2022-26931 and CVE-2022-26923
• SSO will fail while trying to launch published resources and users will get the error that "The username or password is incorrect". They will be able to manually authenticate after clicking OK on VDIs/published desktops but there might be issues with published applications. • FAS will be able t...
Debian dla-3341 : curl - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3341 advisory. Debian LTS Advisory DLA-3341-1 https://www.debian.org/lts/security/...
CVE-2023-23919
A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...
UBUNTU-CVE-2023-23919
A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...
K22113131: BIG-IP TMM Ram Cache vulnerability CVE-2020-5861
Security Advisory Description The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The...
K89105210: Multiple Intel Linux Wi-Fi Drivers vulnerabilities
Security Advisory Description CVE-2019-11151 Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. CVE-2019-11152 Memory corruption issues in...
K15548: Rsync sender.c vulnerability CVE-2007-4091
Security Advisory Description Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function. CVE-2007-4091 Impact There is no impact; F5 products are not affected b...
K18129121: Linux kernel vulnerability CVE-2019-19767
Security Advisory Description The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Impact There is no impact; F5...
K61105950: iControl REST logs a plaintext password when the syntax of a cURL request is incorrect
Security Advisory Description The BIG-IP system logs the device password in plaintext. This issue occurs when the following condition is met: There are one or more syntax errors in the POST body of a REST token request. Impact Disclosure of the BIG-IP system's device password can lead to other...
Common Cloud Configuration Errors & Fixes
Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...
Vulnerability in the Azure application service in Azure Stack, allowing attackers to escalate their privileges
The vulnerability of Azure application services in Azure Stack is related to access control errors. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...