903 matches found

NVD
added 2024/03/27 5:15 p.m. · 15 views

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...

CVSS 7.4 · AI score 7.4 · EPSS 0.00059
Exploits: 0 · References: 1
Cvelist
added 2024/03/27 5:0 p.m. · 15 views

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...

CVSS 7.4 · AI score 7.5 · EPSS 0.00059
Exploits: 0 · References: 1
CVE
added 2024/03/27 4:57 p.m. · 87 views

CVE-2024-20314

CVE-2024-20314 affects Cisco IOS XE Software with the SD-Access fabric edge node feature. The issue stems from improper handling of certain IPv4 packets, allowing an unauthenticated, remote attacker to induce high CPU utilization and halt traffic processing, causing a DoS on affected devices. Cis...

CVSS 8.6 · AI score 7.1 · EPSS 0.00817
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/03/27 4:57 p.m. · 16 views

CVE-2024-20314

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This...

CVSS 8.6 · AI score 8.6 · EPSS 0.00817
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/27 12:0 a.m. · 3 views

PT-2024-2576 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified) Description: A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature could allow an unauthenticated, remote attacker to cause high CPU utilization and stop a...

CVSS 8.6 · AI score 6.6 · EPSS 0.00817
Exploits: 0 · References: 6
Tenable Nessus
added 2024/03/27 12:0 a.m. · 124 views

Cisco IOS XE Software SD Access Fabric Edge Node DoS (cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop al...

CVSS 8.6 · AI score 5.6 · EPSS 0.00817
Exploits: 0 · References: 4
Tenable Nessus
added 2024/03/18 12:0 a.m. · 20 views

Cisco IP Phones 8800 Series File Upload Denial of Service (CVE-2019-1766)

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the...

CVSS 7.5 · AI score 7.3 · EPSS 0.01247
Exploits: 0 · References: 2
Imperva Blog
added 2024/03/13 3:6 p.m. · 17 views

Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs

Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to the critical issues that organizations must tackle to ensure the robust securit...

AI score 8
Exploits: 0
OSV
added 2024/03/06 11:20 a.m. · 18 views

BIT-GITLAB-2021-22177

Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command...

CVSS 4.3 · AI score 4.1 · EPSS 0.00165
Exploits: 0 · References: 4
OSV
added 2024/03/06 10:58 a.m. · 22 views

BIT-ENVOY-2021-32778 Excessive CPU utilization when closing HTTP/2 streams

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

CVSS 7.5 · AI score 7.3 · EPSS 0.0006
Exploits: 0 · References: 3
CNVD
added 2024/02/21 12:0 a.m. · 21 views

Siemens Tecnomatix Plant Simulation Null Pointer Dereference Vulnerability (CNVD-2024-09323)

Tecnomatix Plant Simulation models, simulates, explores and optimizes logistics systems and their processes. These models allow material flow, resource utilization and logistics analysis of all manufacturing plans from global production facilities to local plants and specific production lines pri...

CVSS 5.5 · AI score 6.7 · EPSS 0.0004
Exploits: 0 · References: 1
CNVD
added 2024/02/21 12:0 a.m. · 18 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability (CNVD-2024-09321)

Tecnomatix Plant Simulation models, simulates, explores and optimizes logistics systems and their processes. These models allow material flow, resource utilization and logistics analysis of all manufacturing plans from global production facilities to local plants and specific production lines pri...

CVSS 7.8 · AI score 7 · EPSS 0.00095
Exploits: 0 · References: 1
NVD
added 2024/02/14 5:15 p.m. · 12 views

CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are n...

CVSS 7.5 · AI score 7.7 · EPSS 0.00203
Exploits: 0 · References: 1
NVD
added 2024/02/14 5:15 p.m. · 9 views

CVE-2024-21789

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 · AI score 7.5 · EPSS 0.00267
Exploits: 0 · References: 1
Prion
added 2024/02/14 5:15 p.m. · 20 views

Authentication flaw

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are n...

CVSS 5 · AI score 7.3 · EPSS 0.00203
Exploits: 0 · References: 1
Prion
added 2024/02/14 5:15 p.m. · 22 views

Code injection

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5 · AI score 7.2 · EPSS 0.00267
Exploits: 0 · References: 1
CVE
added 2024/02/14 4:30 p.m. · 46 views

CVE-2024-21789

CVE-2024-21789 affects BIG-IP Advanced WAF/ASM; when a security policy is applied on a virtual server, undisclosed requests can cause a memory resource utilization spike, potentially degrading performance. Impact: DoS-like degradation without control plane exposure (data plane issue). Remediation...

CVSS 7.5 · AI score 7.6 · EPSS 0.00267
Exploits: 0 · References: 1 · Affected Software: 2
CVE
added 2024/02/14 4:30 p.m. · 51 views

CVE-2024-23979

BIG-IP CVE-2024-23979 affects SSL Client Certificate LDAP and CRLDP Authentication profiles when configured on a virtual server, causing undisclosed requests to increase CPU resource utilization and potentially degrade performance (DoS) per the F5 security advisory K000134516. The issue is docume...

CVSS 7.5 · AI score 7.8 · EPSS 0.00203
Exploits: 0 · References: 1 · Affected Software: 1
F5 Networks
added 2024/02/14 1:52 p.m. · 30 views

K000137270: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-21789

Security Advisory Description: When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. (CVE-2024-21789) Impact: System performance can degrade until the bd process is either forced to restart or is...

CVSS 7.5 · AI score 7.6 · EPSS 0.00267
Exploits: 0 · Affected Software: 2
Tenable Nessus
added 2024/02/14 12:0 a.m. · 16 views

F5 Networks BIG-IP : BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability (K000134516)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000134516 advisory. - When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication...

CVSS 7.5 · AI score 7.4 · EPSS 0.00203
Exploits: 0 · References: 2