24 matches found
CVE-2022-23015
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase i...
Cross site request forgery (csrf)
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase i...
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.
...
SUSE-SU-2018:1130-1 Security update for corosync
This update for corosync provides the following fixes: - CVE-2018-1084: Integer overflow in totemcrypto:authenticatenss23 could lead to command execution bsc1089346 - Providing an empty uid or gid results in coroparse adding uid 0. bsc1066585 - Fix a problem that was causing corosync memory to...