Lucene search

K

Defender Security Vulnerabilities

cve
cve

CVE-2023-47189

Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 10:15 AM
2
cve
cve

CVE-2024-25595

Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-05-17 09:15 AM
28
cve
cve

CVE-2022-44581

Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through...

5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 07:15 AM
38
cve
cve

CVE-2024-27261

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: ...

6.4CVSS

6.2AI Score

0.0004EPSS

2024-04-12 01:15 PM
24
cve
cve

CVE-2024-29054

Microsoft Defender for IoT Elevation of Privilege...

7.2CVSS

7.4AI Score

0.001EPSS

2024-04-09 05:15 PM
92
cve
cve

CVE-2024-29055

Microsoft Defender for IoT Elevation of Privilege...

7.2CVSS

7.4AI Score

0.001EPSS

2024-04-09 05:15 PM
91
cve
cve

CVE-2024-29053

Microsoft Defender for IoT Remote Code Execution...

8.8CVSS

8.8AI Score

0.001EPSS

2024-04-09 05:15 PM
130
cve
cve

CVE-2024-21322

Microsoft Defender for IoT Remote Code Execution...

7.2CVSS

8.8AI Score

0.0005EPSS

2024-04-09 05:15 PM
91
cve
cve

CVE-2024-21323

Microsoft Defender for IoT Remote Code Execution...

8.8CVSS

8.8AI Score

0.001EPSS

2024-04-09 05:15 PM
151
cve
cve

CVE-2024-21324

Microsoft Defender for IoT Elevation of Privilege...

7.2CVSS

8.9AI Score

0.001EPSS

2024-04-09 05:15 PM
115
cve
cve

CVE-2024-20671

Microsoft Defender Security Feature Bypass...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-03-12 05:15 PM
162
cve
cve

CVE-2024-21315

Microsoft Defender for Endpoint Protection Elevation of Privilege...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-02-13 06:15 PM
154
cve
cve

CVE-2024-22312

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: ...

5.5CVSS

5AI Score

0.0004EPSS

2024-02-10 04:15 PM
23
cve
cve

CVE-2024-22313

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: ...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-02-10 04:15 PM
16
cve
cve

CVE-2023-50957

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: ...

8CVSS

6.5AI Score

0.0005EPSS

2024-02-10 04:15 PM
25
cve
cve

CVE-2023-50963

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.5CVSS

5.3AI Score

0.0004EPSS

2024-01-19 02:15 AM
5
cve
cve

CVE-2023-51490

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through...

7.5CVSS

7.6AI Score

0.001EPSS

2024-01-08 09:15 PM
23
cve
cve

CVE-2023-36422

Microsoft Windows Defender Elevation of Privilege...

7.8CVSS

8.1AI Score

0.0005EPSS

2023-11-14 06:15 PM
73
cve
cve

CVE-2023-46747

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS).....

9.8CVSS

9.7AI Score

0.972EPSS

2023-10-26 09:15 PM
285
In Wild
cve
cve

CVE-2023-46748

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software...

8.8CVSS

9.4AI Score

0.007EPSS

2023-10-26 09:15 PM
177
In Wild
cve
cve

CVE-2023-5089

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is...

5.3CVSS

5.3AI Score

0.002EPSS

2023-10-16 08:15 PM
18
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2890
In Wild
cve
cve

CVE-2023-45219

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS)...

4.4CVSS

4.9AI Score

0.0004EPSS

2023-10-10 01:15 PM
31
cve
cve

CVE-2023-41085

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
35
cve
cve

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...

8.7CVSS

8.3AI Score

0.001EPSS

2023-10-10 01:15 PM
43
cve
cve

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not...

6.5CVSS

6.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
39
cve
cve

CVE-2023-43485

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.5CVSS

5.8AI Score

0.0004EPSS

2023-10-10 01:15 PM
37
cve
cve

CVE-2023-41373

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software...

9.9CVSS

9.3AI Score

0.002EPSS

2023-10-10 01:15 PM
43
cve
cve

CVE-2023-42768

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...

7.2CVSS

7AI Score

0.001EPSS

2023-10-10 01:15 PM
32
cve
cve

CVE-2023-43611

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-10-10 01:15 PM
40
cve
cve

CVE-2023-40534

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached...

7.5CVSS

7.6AI Score

0.0005EPSS

2023-10-10 01:15 PM
44
cve
cve

CVE-2023-40542

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

7.5AI Score

0.0005EPSS

2023-10-10 01:15 PM
38
cve
cve

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not...

8.1CVSS

7.9AI Score

0.001EPSS

2023-10-10 01:15 PM
39
cve
cve

CVE-2023-38163

Windows Defender Attack Surface Reduction Security Feature...

7.8CVSS

8.1AI Score

0.001EPSS

2023-09-12 05:15 PM
40
cve
cve

CVE-2023-38175

Microsoft Windows Defender Elevation of Privilege...

7.8CVSS

8.1AI Score

0.0005EPSS

2023-08-08 06:15 PM
375
cve
cve

CVE-2023-38138

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

5.9AI Score

0.0005EPSS

2023-08-02 04:15 PM
44
cve
cve

CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information...

6.1CVSS

6.2AI Score

0.001EPSS

2023-08-02 04:15 PM
20
cve
cve

CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-08-02 04:15 PM
23
cve
cve

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not...

4.3CVSS

4.8AI Score

0.0004EPSS

2023-08-02 04:15 PM
2339
cve
cve

CVE-2021-4425

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time...

4.3CVSS

4.2AI Score

0.001EPSS

2023-07-12 08:15 AM
11
cve
cve

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5CVSS

7.5AI Score

0.001EPSS

2023-05-03 03:15 PM
15
cve
cve

CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not.....

7.5CVSS

6.2AI Score

0.0005EPSS

2023-05-03 03:15 PM
21
cve
cve

CVE-2023-24594

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.3CVSS

5.6AI Score

0.0005EPSS

2023-05-03 03:15 PM
21
cve
cve

CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note:...

4.3CVSS

4.6AI Score

0.0005EPSS

2023-05-03 03:15 PM
17
cve
cve

CVE-2023-23379

Microsoft Defender for IoT Elevation of Privilege...

7.8CVSS

6.9AI Score

0.001EPSS

2023-02-14 08:15 PM
48
cve
cve

CVE-2023-21809

Microsoft Defender for Endpoint Security Feature Bypass...

7.8CVSS

8.1AI Score

0.001EPSS

2023-02-14 08:15 PM
49
cve
cve

CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary....

8.5CVSS

8.4AI Score

0.001EPSS

2023-02-01 06:15 PM
72
cve
cve

CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-01 06:15 PM
16
cve
cve

CVE-2023-22842

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-01 06:15 PM
20
cve
cve

CVE-2023-22340

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-01 06:15 PM
21
Total number of security vulnerabilities156