‼ CVE-2022-43024 ‼
via "National Vulnerability Database".
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
‼ CVE-2022-43019 ‼
via "National Vulnerability Database".
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
🕴 Security Awareness Urged to Grow Beyond Compliance 🕴
via "Dark Reading".
Increasingly vendors are looking for ways to take security awareness beyond checkbox compliance courses to more context-dependent interactions — a "shift left" to the average worker.
‼ CVE-2022-20424 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
🕴 Emotional Toll From Cyberattacks Can Linger Among Staff for Years 🕴
via "Dark Reading".
Research shows 1 in 7 employees involved in a cyberattack exhibits clinical trauma symptoms months after the incident.
‼ CVE-2022-41787 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.
‼ CVE-2022-41835 ‼
via "National Vulnerability Database".
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller.
‼ CVE-2022-41770 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.
‼ CVE-2022-38107 ‼
via "National Vulnerability Database".
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.
‼ CVE-2022-41741 ‼
via "National Vulnerability Database".
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
‼ CVE-2022-41691 ‼
via "National Vulnerability Database".
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
‼ CVE-2022-41694 ‼
via "National Vulnerability Database".
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.
‼ CVE-2022-41806 ‼
via "National Vulnerability Database".
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
‼ CVE-2022-41624 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
‼ CVE-2022-31684 ‼
via "National Vulnerability Database".
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
‼ CVE-2022-41832 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.
‼ CVE-2022-41780 ‼
via "National Vulnerability Database".
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.
‼ CVE-2022-41983 ‼
via "National Vulnerability Database".
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher are in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
‼ CVE-2022-41813 ‼
via "National Vulnerability Database".
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
‼ CVE-2022-36795 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
‼ CVE-2022-41617 ‼
via "National Vulnerability Database".
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.