21 matches found
PT-2026-38340
Name of the Vulnerable Software and Affected Versions: Math.js versions 13.1.0 through 15.1.x Description: Arbitrary JavaScript can be executed through the expression parser of the library. Recommendations: Update to version 15.2.0...
Malicious code in uuindex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a373d8c2c653d1b6effee8ff65bba442fcf08d7eea88ec95707680697385646 The package uuindex was found to contain malicious code. Source: ghsa-malware 47c06a7b235c91fbc08cc942c69f1e05ecdb8093c9658bd5ade2b8866cc33f4c Any...
PT-2024-25812 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS versions 13.0.0 through 13.1.0 that stems from vulnerability to HTML injection...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS that originates from uncontrolled resource consumption in ShowImageController. The affected versions are as follows: 9.0.0 to 9.5.47; 10.0.0 t...
Adobe Substance 3D Designer Buffer Error Vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance 3D Designer 13.1.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of th...
PT-2023-8550 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 13.0.0 and earlier; Adobe Substance 3D Designer versions 13.1.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An...
F5 Networks BIG-IP : TMM vulnerability (K25400442)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25400442 advisory. - On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and...
F5 BIG-IP LTM/CGNAT Security Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other functions from F5 Corporation. A security vulnerability exists in F5 BIG-IP LTM/CGNAT, which can be exploited by an attacker to trigger a denial of...
CVE-2020-5881
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up, in turn disrupting the communicatio...
Code injection
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up, in turn disrupting the communicatio...
F5 BIG-IP Input Validation Error Vulnerability (CNVD-2020-00242)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An input validation error vulnerability exists in F5 BIG-IP versions 15.0.0 through 15.0.1, 14.0.0 through 14.1.2.2, and 13.1....
CVE-2019-6681
CVE-2019-6681 affects BIG-IP tmrouted with a memory leak in the Multicast Forwarding Cache (MFC). Affected versions include BIG-IP 15.0.0–15.0.1.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1, and 12.1.0–12.1.5. The vulnerability can cause a memory leak in tmrouted, potentially exhausting system ...
F5 BIG-IP Information Disclosure Vulnerability (CNVD-2019-41648)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP versions 13.1.0 through 13.1.1. An attacker could exploit the vulnerability to vi...
CVE-2019-6660
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of system resources which may lead to a denial of service...
F5 Networks BIG-IP : HTTP/2 ALPN vulnerability (K94563344)
The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. (CVE-2019-6619) Impact: BIG-IP: The Traffic Management Microkernel (TMM) generates a core...
CVE-2018-5526
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack...
CVE-2018-5512
On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-07536)
F5 BIG-IP ASM and Analytics are both products of F5 Corporation of the U.S.A. F5 BIG-IP ASM is a Web Application Firewall (WAF) that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. Analytics is a suite of Web...
Kaltura Remote PHP Code Execution over Cookie
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret, which allows signing arbitrary cookie data. After passing...