BIG-IP (DNS, GTM) Security Vulnerabilities
F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000138636)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138636 advisory. A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP ...
7.2AI Score
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000138912)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138912 advisory. When an SSL profile with alert timeout is configured with a non-default value on a virtual...
5.8AI Score
K000139594: libxml2 vulnerability CVE-2022-40304
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304). Impact This vulnerability allows a...
7.6AI Score
0.001EPSS
Oracle Linux 9 : nodejs:18 (ELSA-2024-2779)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2779 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
6.9AI Score
EulerOS Virtualization 2.11.0 : systemd (EulerOS-SA-2024-1641)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...
7.5AI Score
F5 Networks BIG-IP : BIG-IP APM browser network access VPN client vulnerability (K000138744)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138744 advisory. An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for...
7.3AI Score
F5 Networks BIG-IP : BIG-IP TMM tenants on VELOS and rSeries vulnerability (K000139217)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10. It is, therefore, affected by a vulnerability as referenced in the K000139217 advisory. Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants...
7AI Score
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1641)
The remote host is missing an update for the Huawei...
7.5AI Score
0.001EPSS
K000139616: MySQL vulnerability CVE-2024-21051
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
5.7AI Score
0.0004EPSS
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
5.8AI Score
0.0004EPSS
F5 Networks BIG-IP : TMM vulnerability (K000139037)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000139037 advisory. When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel...
7.6AI Score
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000138520)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138520 advisory. A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP ...
5.8AI Score
Amazon Linux 2 : kernel (ALAS-2024-2542)
The version of kernel installed on the remote host is prior to 4.14.343-261.564. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2542 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB...
7.3AI Score
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
7.1AI Score
0.0004EPSS
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
7.1AI Score
0.0004EPSS
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS...
7.5CVSS
7.4AI Score
0.001EPSS
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13...
5CVSS
6.9AI Score
0.0004EPSS
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS...
7.9AI Score
0.001EPSS
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13...
5.1AI Score
0.0004EPSS
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....
6.8AI Score
0.0004EPSS
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....
7.1CVSS
7.1AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the...
6.3CVSS
7.6AI Score
0.0005EPSS
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at...
8.1AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at...
8.1AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at...
8.1AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at...
8.1AI Score
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at...
8.1AI Score
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no.....
6.8CVSS
6.9AI Score
0.0004EPSS
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no.....
6.3AI Score
0.0004EPSS
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop....
7.2AI Score
0.0004EPSS
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop....
7.5CVSS
7.2AI Score
0.0004EPSS
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop....
7.2AI Score
0.0004EPSS
DNS Tunneling Used for Stealthy Scans and Email Tracking
By Deeba Ahmed Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks. This is a post from HackRead.com Read the original post: DNS.....
7.2AI Score
10AI Score
0.001EPSS
10AI Score
0.001EPSS
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....
7.1AI Score
0.0004EPSS
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite...
7AI Score
0.0004EPSS
May 14, 2024—KB5037765 (OS Build 17763.5820)
May 14, 2024—KB5037765 (OS Build 17763.5820) 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights This update...
8.1AI Score
0.008EPSS
May 14, 2024— KB5037848 (OS Build 20348.2458)
May 14, 2024— KB5037848 (OS Build 20348.2458) Improvements and fixes This security update includes quality improvements. When you install this KB: This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to...
7.1AI Score
0.008EPSS
May 14, 2024—KB5037823 (Monthly Rollup)
May 14, 2024—KB5037823 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...
7AI Score
0.0004EPSS
May 14, 2024—KB5037781 (OS Build 25398.887)
May 14, 2024—KB5037781 (OS Build 25398.887) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
7AI Score
0.008EPSS
May 14, 2024—KB5037782 (OS Build 20348.2461)
May 14, 2024—KB5037782 (OS Build 20348.2461) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...
7AI Score
0.008EPSS
May 14, 2024—KB5037763 (OS Build 14393.6981)
May 14, 2024—KB5037763 (OS Build 14393.6981) 11/19/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1607, see its update history page. Highlights This update...
7.1AI Score
0.008EPSS
May 14, 2024—KB5037778 (Monthly Rollup)
May 14, 2024—KB5037778 (Monthly Rollup) IMPORTANT The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
6.9AI Score
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop....
7AI Score
0.0004EPSS
K000139608: MySQL Server vulnerability CVE-2024-21087
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access....
5.7AI Score
0.0004EPSS
F5 Networks BIG-IP : libxml2 vulnerability (K000139594)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139594 advisory. An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table...
7.1AI Score
K000139606: MySQL Server vulnerabiliity CVE-2024-21047
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to....
5.7AI Score
0.0004EPSS
K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062
Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
5.6AI Score
0.0004EPSS
F5 Networks BIG-IP : libxml2 vulnerability (K000139592)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139592 advisory. An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...
7AI Score