K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

K63025104: NodeJS vulnerability CVE-2018-7160

Security Advisory Description The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network acces...

K14363514: OpenSSL vulnerability CVE-2017-3736

Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...

F5 Networks BIG-IP : NodeJS vulnerability (K63025104)

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...

F5 Networks BIG-IP : iRulesLX debug NodeJS vulnerability (K75532331)

Similar to the issue identified inCVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.CVE-2019-6644 Impact A remote attacker may be able ...

F5 Networks BIG-IP : Virtual Machine Manager L1 Terminal Fault vulnerability (K31300402)

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE-2018-3646al...

SOL40524634 - OpenSSL vulnerability CVE-2016-0797

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL33209124 - OpenSSL vulnerability CVE-2015-3197

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...