Web Security Security Vulnerabilities
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not...
8.8CVSS
8.3AI Score
0.0005EPSS
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the...
7.9CVSS
7.4AI Score
0.0004EPSS
The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application...
7.1CVSS
4AI Score
0.0004EPSS
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a...
7.8CVSS
7.3AI Score
0.0004EPSS
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed...
8.8CVSS
8.8AI Score
0.001EPSS
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file...
8.2CVSS
7.2AI Score
0.001EPSS
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code...
8.6CVSS
7.7AI Score
0.001EPSS
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML...
7.3CVSS
5.2AI Score
0.0004EPSS
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...
7.7CVSS
6.6AI Score
0.0005EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS)...
4.4CVSS
4.9AI Score
0.0004EPSS
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
7.5AI Score
0.0005EPSS
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.5CVSS
6.5AI Score
0.0005EPSS
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...
8.7CVSS
8.3AI Score
0.001EPSS
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software...
9.9CVSS
9.3AI Score
0.002EPSS
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not...
5.5CVSS
5.8AI Score
0.0004EPSS
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.8CVSS
7.5AI Score
0.0004EPSS
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...
7.2CVSS
7AI Score
0.001EPSS
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached...
7.5CVSS
7.6AI Score
0.0005EPSS
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5CVSS
7.5AI Score
0.0005EPSS
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not...
8.1CVSS
7.9AI Score
0.001EPSS
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login...
5.9CVSS
5.7AI Score
0.0005EPSS
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...
4.3CVSS
4.6AI Score
0.001EPSS
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
7.5CVSS
7.3AI Score
0.001EPSS
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
6.5CVSS
6.5AI Score
0.0005EPSS
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web...
7.7CVSS
6.2AI Score
0.001EPSS
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from...
6.5CVSS
5.2AI Score
0.001EPSS
5.5CVSS
5.6AI Score
0.0004EPSS
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on...
7.5CVSS
7.7AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file...
7.5CVSS
7.5AI Score
0.001EPSS
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log...
9.8CVSS
9.5AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...
5.5CVSS
5.5AI Score
0.0004EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...
5.5CVSS
5.4AI Score
0.0004EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search...
7.5CVSS
7.4AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS...
7.5CVSS
7.5AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security ...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log...
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.7AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web...
9.8CVSS
9.5AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known...
9.8CVSS
9.5AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based...
7.5CVSS
7.5AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy ...
9.8CVSS
9.3AI Score
0.001EPSS
Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged...
6.5CVSS
6.4AI Score
0.0005EPSS
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious.....
5.8CVSS
5.4AI Score
0.001EPSS