23 matches found
EUVD-2024-21402
Malicious code in bioql PyPI...
CVE-2020-27727
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem...
CVE-2024-23976
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-23976
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Authentication flaw
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-23976 BIG-IP Appliance mode iAppsLX vulnerability
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-23976
CVE-2024-23976 concerns F5 BIG-IP Appliance mode where an authenticated administrator can bypass Appliance mode restrictions via iAppsLX templates. The security advisory K91054692 states that affected products are BIG-IP (all modules) on the 17.x line with vulnerability on 17.1.0 and a fixed rele...
CVE-2024-23976 BIG-IP Appliance mode iAppsLX vulnerability
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K91054692: BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976
Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. CVE-2024-23976 Impact An authenticated attacker with local system access and th...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other features. A security vulnerability exists in the F5 BIG-IP that originates when operating in appliance mode, where an authenticated...
F5 Networks BIG-IP : BIG-IP Appliance mode iAppsLX vulnerability (K91054692)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K91054692 advisory. - When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to...
PT-2024-20214 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: The issue allows an authenticated attacker with the Administrator role to bypass Appliance mode restrictions on a BIG-IP system using iAppsLX templates. Recommendations: At the moment, there...
K63025104: NodeJS vulnerability CVE-2018-7160
Security Advisory Description The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network acces...
K14363514: OpenSSL vulnerability CVE-2017-3736
Security Advisory Description There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...
F5 Networks BIG-IP : GSON vulnerability (K00994461)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K00994461 advisory. The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the...
CVE-2020-27727
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem...
CVE-2020-27727
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem...
F5 BIG-IP Information Disclosure Vulnerability (CNVD-2020-74865)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An information disclosure vulnerability exists in F5 BIG-IP, which can be exploited by an attacker who can read files via F5...
F5 Networks BIG-IP : iAppsLX REST vulnerability (K50343630)
When an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. CVE-2020-27727 Impact An attacker can exploit this vulnerability as an authenticated administrativ...
F5 Networks BIG-IP : NodeJS vulnerability (K63025104)
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...