73 matches found

NVD
added 2021/03/31 6:15 p.m. | 26 views

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer...

CVSS 9.8 | EPSS 0.61064
Exploits 3 | References 2

Prion
added 2021/03/31 6:15 p.m. | 21 views

Buffer overflow

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer...

CVSS 6.8 | AI score 9.8 | EPSS 0.61064
Exploits 3 | References 1 | Affected Software 14

CVE
added 2021/03/31 5:23 p.m. | 1070 views

CVE-2021-22991

CVE-2021-22991 affects BIG-IP Traffic Management Microkernel (TMM) URI normalization, where undisclosed requests to a virtual server may trigger a buffer overflow in TMM. This can cause a DoS and, in some scenarios, bypass URL-based access controls or enable remote code execution. The issue impac...

CVSS 9.8 | AI score 9.7 | EPSS 0.61064
In wild | Exploits 3 | References 2 | Affected Software 14

ATTACKERKB
added 2021/03/31 12:0 a.m. | 38 views

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer...

CVSS 9.8 | AI score 4.2 | EPSS 0.61064
In wild | Exploits 3 | References 2

0day.today
added 2021/03/12 12:0 a.m. | 70 views

F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write Vulnerability

Big IP's Traffic Management Microkernels (TMM) URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition. F5 Big IP - TMM uri_normalize_host infoleak and out-of-bounds write Big IP's Traffic Management Microkernels (TMM) URI...

CVSS 9.8 | AI score 9.3 | EPSS 0.61064
Exploits 3

Tenable Nessus
added 2021/03/10 12:0 a.m. | 78 views

F5 Networks BIG-IP : TMM buffer-overflow vulnerability (K56715231)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K56715231 advisory. - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1....

CVSS 9.8 | AI score 9.3 | EPSS 0.61064
Exploits 3 | References 2

UbuntuCve
added 2020/09/14 1:15 p.m. | 17 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

CVSS 9.8 | AI score 7.2 | EPSS 0.02342
Exploits 1 | References 2

NVD
added 2020/03/25 6:15 p.m. | 20 views

CVE-2020-5280

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

CVSS 7.6 | AI score 7.2 | EPSS 0.06817
Exploits 0 | References 4

OSV
added 2020/03/25 6:15 p.m. | 15 views

CVE-2020-5280

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

CVSS 7.5 | AI score 7.3
Exploits 0 | References 4

Prion
added 2020/03/25 6:15 p.m. | 17 views

Design/Logic Flaw

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

CVSS 5 | AI score 7.2 | EPSS 0.06817
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2020/03/25 5:45 p.m. | 29 views

CVE-2020-5280 Local file inclusion vulnerability in http4s

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

CVSS 7.6 | AI score 7.2 | EPSS 0.06817
Exploits 0 | References 4

Prion
added 2018/03/19 1:29 p.m. | 17 views

Directory traversal

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

CVSS 5 | AI score 7.1 | EPSS 0.01744
Exploits 0 | References 1 | Affected Software 1

Exploit DB
added 2015/01/13 12:0 a.m. | 34 views

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

CVSS 10 | AI score 7.4 | EPSS 0.77198
Exploits 6