‼ CVE-2022-35241 ‼
📖 Read
via "National Vulnerability Database".
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35728 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35243 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35245 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34651 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34655 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35240 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32455 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35272 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35735 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34993 ‼
📖 Read
via "National Vulnerability Database".
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34851 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33203 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30535 ‼
📖 Read
via "National Vulnerability Database".
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34844 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33968 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35236 ‼
📖 Read
via "National Vulnerability Database".
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
🕴 Time to Patch VMware Products Against a Critical New Vulnerability 🕴
📖 Read
via "Dark Reading".
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.📖 Read
via "Dark Reading".
Dark Reading
Time to Patch VMware Products Against a Critical New Vulnerability
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.
🕴 Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST 🕴
📖 Read
via "Dark Reading".
A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services.📖 Read
via "Dark Reading".
Dark Reading
Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST
A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services.
🕴 Cyberattackers Increasingly Target Cloud IAM as a Weak Link 🕴
📖 Read
via "Dark Reading".
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.📖 Read
via "Dark Reading".
Dark Reading
Cyberattackers Increasingly Target Cloud IAM as a Weak Link
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.
👍1
‼ CVE-2022-35144 ‼
📖 Read
via "National Vulnerability Database".
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".