Wednesday, August 10, 2022
F5 Networks

K92254835: Binutils vulnerability CVE-2018-12641

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack ...
F5 Networks

K34239812: Libexpat vulnerability CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document ...
F5 Networks

K43871899: binutils vulnerability CVE-2018-1000876

binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_ ...
F5 Networks

K21571420: Multiple Samba vulnerabilities

CVE-2022-2031 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
F5 Networks

K12201527: Overview of Quarterly Security Notifications

Beginning November 3, 2021, F5 will disclose security vulnerabilities and security exposures for F5 ...
F5 Networks

K14649763: Overview of F5 vulnerabilities (August 2022)

On August 3, 2022, F5 announced the following security issues. This document is intended to serve as an ...
F5 Networks

K80970653: BIG-IP iRules vulnerability CVE-2022-33962

Certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP ...
F5 Networks

K59197053: BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651

When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, ...
F5 Networks

K58235223: BIG-IP APM access policy vulnerability CVE-2022-35245

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can ...
F5 Networks

K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735

An authenticated attacker with Resource Administrator or Manager privileges can create or ...
F5 Networks

K23465404: BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968

When an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response ...
F5 Networks

K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865

Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, ...
F5 Networks

K16852653: TMM vulnerability CVE-2022-32455

When a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication ...
F5 Networks

K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947

A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) ...
F5 Networks

K34511555: BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844

When the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG- ...
F5 Networks

K34893234: BIG-IP APM Appliance mode vulnerability CVE-2022-31473

When running in Appliance mode, an authenticated attacker may be able to bypass Appliance ...
F5 Networks

K55580033: iControl REST vulnerability CVE-2022-35728

An authenticated user's iControl REST token may remain valid for a limited time after logging out from ...
F5 Networks

K50310001: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851

An authenticated attacker may cause iControl SOAP to become unavailable through ...
F5 Networks

K90024104: BIG-IP HTTP MRF vulnerability CVE-2022-35272

When source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual ...
F5 Networks

K66510514: TMM vulnerability CVE-2022-34862

When an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic ...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too. August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …