CVE-2022-29480
CVE-2022-29480 affects F5 BIG-IP big3d when multiple route domains are configured, allowing undisclosed requests to cause CPU resource consumption and possible DoS. Concrete details from the connected advisory (K71103363): vulnerable BIG-IP versions include 13.1.x before 13.1.5 (13.1.0–13.1.4), a...
CVE-2022-28701
CVE-2022-28701 (F5 BIG-IP Stream profile DoS) In F5 BIG-IP 16.1.x, when a stream profile is configured on a virtual server, certain undisclosed requests can cause memory resource utilization to spike, degrading system performance and potentially causing a TMM restart or DoS. The advisory confirms...
CVE-2022-28691
CVE-2022-28691 affects F5 BIG-IP where RTSP profiles on a virtual server can cause undisclosed traffic to increase TMM resource utilization, leading to degraded performance or DoS. Affected branches and fixes per F5 advisory: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5; 14.1.x before 14.1...
CVE-2022-26372
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource...
CVE-2022-26372
CVE-2022-26372 affects F5 BIG-IP DNS profile: when a DNS listener on a virtual server uses DNS queueing (default), undisclosed requests can cause memory resource utilization to spike, leading to degraded performance or DoS. Affected branches and fixes per VULNERABILITY docs: BIG-IP 15.1.x before ...
CVE-2022-27189
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed...
CVE-2022-27182
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilizatio...
CVE-2022-27181
CVE-2022-27181 affects F5 BIG-IP APM when an access profile uses APM AAA NTLM Auth. Exploitation leads to increased internal resource utilization and potential DoS on the BIG-IP device. Affected branches and known vulnerable ranges include: BIG-IP APM 16.1.x (16.1.0–16.1.2, fixed in 16.1.2.2), 15...
CVE-2022-27181
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA...
F5 Networks BIG-IP : BIG-IP ICAP profile vulnerability (K16187341)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K16187341 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...
F5 Networks BIG-IP : BIG-IP RTSP profile vulnerability (K37155600)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K37155600 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1...
F5 Networks BIG-IP : BIG-IP APM vulnerability (K93543114)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K93543114 advisory. - On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...
F5 Networks BIG-IP : BIG-IP Stream profile vulnerability (K99123750)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K99123750 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server,...
F5 Networks BIG-IP : DNS profile vulnerability (K23454411)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K23454411 advisory. - On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x...
F5 Networks BIG-IP : BIG-IP big3d vulnerability (K71103363)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.0.0. It is, therefore, affected by a vulnerability as referenced in the K71103363 advisory. - On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are...
CVE-2022-28691
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic...
Cisco Firepower Threat Defense AnyConnect SSL VPN DoS (cisco-sa-vpndtls-dos-TunzLEV)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability in the implementation of the Datagram TLS (DTLS) protocol that could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability ...
Race condition
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...
GitLab: DOS via move_issue
Summary: Moving an issue with a specially-crafted description results in high CPU usage for 60 seconds request timeout. Multiple requests can be issued in parallel to create a larger impact. Steps to reproduce: 1. Given an authorized user on GitLab.com - anyone can self-register. On EE - depends on...
What steps are needed to configure new StoreFront servers with an existing Gateway and Store URL
The objective of this article is to provide the recommended steps at a high level in order to configure two new StoreFront servers to work with an existing Gateway virtual server that utilizes a URL created with an old set of StoreFront servers...