ConfigSync vulnerability in F5

Overview :
F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
Affected Product(s) :
  • F5 BIG-IP 15.0.0
  • F5 BIG-IP 14.1.0-14.1.0.6
  • F5 BIG-IP 14.0.0-14.0.0.5
  • F5 BIG-IP 13.0.0-13.1.1.5
  • F5 BIG-IP 12.1.0-12.1.4.1
  • F5 BIG-IP 11.6.0-11.6.4
  • F5 BIG-IP 11.5.1-11.5.9
  • Enterprise Manager 3.1.1
Vulnerability Details :
CVE ID : CVE-2019-6649

Solution : F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability.
