82 matches found
EUVD-2018-7197
Malware in sbrugna...
EUVD-2022-36998
Malicious code in bioql PyPI...
EUVD-2023-45105
Malicious code in bioql PyPI...
CVE-2020-5877
On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOWINIT event may lead to a denial of service...
CVE-2019-6685
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...
F5 Networks BIG-IP : iRules RESOLVER::summarize memory leak vulnerability (K65397301)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K65397301 advisory. - On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize...
K30425568: Overview of F5 vulnerabilities (October 2022)
Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K03125360: F5 iRules 'RESOLV::lookup' command vulnerability CVE-2020-5941
Security Advisory Description Using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel TMM to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a host name passes to the RESOLV::lookup command. CVE-2020-5941 Impact Th...
K21344224: Lazy FP state restore vulnerability CVE-2018-3665
Security Advisory Description System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. CVE-2018-3665 A Floating-Point FP state...
K54200228: BIG-IP iRules vulnerability CVE-2020-5877
Security Advisory Description Malformed input to the DATAGRAM::tcp iRules command within a FLOWINIT event may lead to a denial of service. CVE-2020-5877 Impact Remote attackers may be able to perform a denial-of-service DoS attack on the BIG-IP system. Security Advisory Status F5 Product...
K65397301: iRules RESOLVER::summarize memory leak vulnerability CVE-2021-23049
Security Advisory Description When the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel TMM memory utilization resulting in an out-of-memory condition and a denial-of-service DoS. CVE-2021-23049 Impact...
K64208870: TMM vulnerability CVE-2018-15319
Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. CVE-2018-15319 Impact An attacker may be able to...
K80970653: BIG-IP iRules vulnerability CVE-2022-33962
Security Advisory Description The 'node' iRules command may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings.CVE-2022-33962 Impact This vulnerability may allow an authenticated attacker with the iRule Manager role to creat...
K43024307: BIG-IP iRules vulnerability CVE-2022-41624
Security Advisory Description When a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-41624 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart or...
K13323323: iRules LX vulnerability CVE-2021-22973
Security Advisory Description JSON parser function does not protect against out-of-bounds memory accesses or writes. CVE-2021-22973 Impact The Traffic Management Microkernel TMM may exit and restart while processing JSON payload with iRules LX commands, leading to a failover event. Security...
K30215839: F5 iRules vulnerability CVE-2019-6685
Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. CVE-2019-6685 Impact BIG-IP iRules manager roles are able to access data stored on other...
K19501795: BIG-IP HTTP profile vulnerability CVE-2019-6631
Security Advisory Description iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. CVE-2019-6631 Impact The...
K07944249: Node.js vulnerability CVE-2020-8277
Security Advisory Description A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is...
K73302459: Certain iRulesLX binaries are installed with improper permissions
Security Advisory Description Certain iRulesLX binaries are installed with improper permissions. This issue occurs when the following condition is met: The affected system is provisioned with iRules Language Extensions LX. When you provision a system with iRulesLX, the system installs certain...
K22216037: TMM vulnerability CVE-2016-9245
Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules...