67 matches found
CVE-2021-23034
CVE-2021-23034 affects F5 BIG-IP TMM when a DNS profile using a DNS cache resolver is configured on a virtual server; undisclosed DNS requests can terminate the TMM process, causing DoS. Affected versions include BIG-IP 16.x before 16.1.0 and 15.1.x before 15.1.3.1. Public sources in connected do...
CVE-2021-23032
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel TMM to terminate. Note:...
CVE-2021-23033
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software version...
Design/Logic Flaw
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol OCSP verification of a certificate that contains Authority Information Access AIA, undisclosed requests may cau...
CVE-2021-40377
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...
CVE-2021-20102
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...
Cross site request forgery (csrf)
Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...
Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager
F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986) 漏洞影响 F5 BIG-IP 16.x: 1...
Digium Asterisk Security Vulnerability
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...
Code injection
In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...
Microsoft Word 2016 Multiple Information Disclosure Vulnerabilities (KB4484474)
This host is missing an important security update according to Microsoft KB4484474 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
CVE-2020-6241
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection...
PT-2020-19957 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 16.0.1 Description: A reflected Cross-Site Scripting issue was found in the svg generation of the affected software. Recommendations: For Nextcloud Server version 16.0.1, update to a version that includes a fix for th...
Design/Logic Flaw
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...
CVE-2019-14818
The CVE-2019-14818 issue affects DPDK packages in multiple lines: 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4, and 19.x.x before 19.08.1. A malicious master or a container with access to a vhost_user socket can send crafted VRING_SET_NUM messages, causing a memory leak th...
Design/Logic Flaw
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...
CVE-2014-5431
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...
CVE-2014-5432
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
Asterisk DoS Vulnerability (AST-2018-010)
Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...