LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

EUVD-2022-44981

Malicious code in bioql PyPI...

CVE-2024-33326

A cross-site scripting XSS vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter...

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker exploited the vulnerability to bypas...

GitLab 12.8.x < 15.11.11, 16.0.x < 16.0.7, 16.1.x < 16.1.2 Path Traversal Vulnerability

GitLab is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVE-2023-22302

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic...

CVE-2022-41832 BIG-IP SIP vulnerability CVE-2022-41832

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization...

F5 Networks BIG-IP : BIG-IP DNS TMUI vulnerability (K38893457)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K38893457 advisory. A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface TM...

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...

Code injection

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which...

Design/Logic Flaw

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...

Code injection

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

Code injection

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed request...

PT-2022-22400 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions 13.1.x BIG-IP versions 14.1.x before 14.1.5 BIG-IP versions 15.1.x before 15.1.6.1 BIG-IP versions 16.1.x before 16.1.3.1 Description: When an LTM virtual server is configured to perform normalization, undisclosed requests can...

CVE-2022-34844

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...

Cross site scripting

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End o...

CVE-2022-23020

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...

CVE-2022-23022

On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2022-23021

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...