Monday, January 24, 2022
F5 Networks

K11546763: Linux kernel vulnerability CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when ...
F5 Networks

K80212034: Linux kernel vulnerability CVE-2021-3656

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
F5 Networks

K39029022: Linux kernel vulnerability CVE-2021-37576

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest ...
F5 Networks

K96924184: F5 HTTP profile vulnerability CVE-2022-23022

When an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic ...
F5 Networks

K12201527: Overview of Quarterly Security Notifications

Beginning November 3, 2021, F5 will disclose security vulnerabilities and security exposures for F5 ...
F5 Networks

K40084114: Overview of F5 vulnerabilities (January 2022)

On January 19, 2022, F5 announced the following security issues. This document is intended to serve as ...
F5 Networks

K41415626: Transparent DNS Cache can consume excessive resources

When transparent Domain Name System (DNS) cache is configured on a virtual server, undisclosed ...
F5 Networks

K47592780: BIG-IQ vulnerability CVE-2022-23009

An authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices ...
F5 Networks

K57735782: NGINX Controller API Management vulnerability CVE-2020-23008

An authenticated attacker with access to the "user" or "admin" role can use undisclosed ...
F5 Networks

K57111075: TMM vulnerability CVE-2022-23021

When any of the following configurations are configured on a virtual server, undisclosed requests can cause the ...
F5 Networks

K44110411: BIG-IP SIP ALG vulnerability CVE-2022-23025

When a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic ...
F5 Networks

K08402414: BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026

An authenticated user with low privileges, such as a guest, can upload ...
F5 Networks

K11742742: iControl REST vulnerability CVE-2022-23023

Undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource ...
F5 Networks

K30573026: BIG-IP virtual server with FastL4 profile vulnerability CVE-2022-23027

When a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are ...
F5 Networks

K24358905: BIG-IP AFM virtual server vulnerability CVE-2022-23018

When a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect ...
F5 Networks

K28042514: BIG-IP TMM and DNS profile vulnerability CVE-2022-23017

When a virtual server is configured with a DNS profile with the Rapid Response Mode setting ...
F5 Networks

K91013510: SSL Forward Proxy vulnerability CVE-2022-23016

When BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests ...
F5 Networks

K08476614: BIG-IP Client SSL profile vulnerability CVE-2022-23015

When a Client SSL profile is configured on a virtual server with Client Certificate ...
F5 Networks

K17514331: BIG-IP TMM vulnerability CVE-2022-23020

When the Request Logging profile is configured on a virtual server, undisclosed requests can cause the ...
F5 Networks

K30525503: BIG-IP APM Edge Client proxy vulnerability CVE-2022-23032

When proxy settings are configured in the network access resource of a BIG-IP APM system, ...

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Trickbot Injections Get Harder to Detect & Analyze

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.