Lucene search
K

67 matches found

CVE
CVE
added 2021/09/14 5:58 p.m.71 views

CVE-2021-23034

CVE-2021-23034 affects F5 BIG-IP TMM when a DNS profile using a DNS cache resolver is configured on a virtual server; undisclosed DNS requests can terminate the TMM process, causing DoS. Affected versions include BIG-IP 16.x before 16.1.0 and 15.1.x before 15.1.3.1. Public sources in connected do...

7.5CVSS7.5AI score0.0095EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2021/09/14 5:40 p.m.40 views

CVE-2021-23032

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel TMM to terminate. Note:...

7.7AI score0.00933EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/14 5:15 p.m.19 views

CVE-2021-23033

On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software version...

7.7AI score0.00933EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 2:15 p.m.25 views

Design/Logic Flaw

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol OCSP verification of a certificate that contains Authority Information Access AIA, undisclosed requests may cau...

5CVSS5.3AI score0.00598EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/09/08 11:15 a.m.3 views

CVE-2021-40377

SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application...

5.4CVSS5.8AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2021/06/29 4:15 p.m.14 views

CVE-2021-20102

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

8.8CVSS0.00508EPSS
Exploits0References1
Prion
Prion
added 2021/06/29 4:15 p.m.13 views

Cross site request forgery (csrf)

Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF tokens in place...

6.8CVSS8.5AI score0.00508EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2021/03/26 3:32 a.m.244 views

Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager

F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986) 漏洞影响 F5 BIG-IP 16.x: 1...

10CVSS9.7AI score0.99898EPSS
Exploits20
CNNVD
CNNVD
added 2021/02/18 12:0 a.m.7 views

Digium Asterisk Security Vulnerability

Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...

5.9CVSS6.3AI score0.02547EPSS
Exploits0References9
Prion
Prion
added 2020/12/24 3:15 p.m.26 views

Code injection

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...

4CVSS6.4AI score0.00887EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/08/12 12:0 a.m.24 views

Microsoft Word 2016 Multiple Information Disclosure Vulnerabilities (KB4484474)

This host is missing an important security update according to Microsoft KB4484474 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

8.8CVSS8.7AI score0.04906EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/12 5:56 p.m.21 views

CVE-2020-6241

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection...

8.8CVSS8.9AI score0.00974EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/02/04 12:0 a.m.5 views

PT-2020-19957 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 16.0.1 Description: A reflected Cross-Site Scripting issue was found in the svg generation of the affected software. Recommendations: For Nextcloud Server version 16.0.1, update to a version that includes a fix for th...

6.1CVSS6AI score0.00916EPSS
Exploits1References5
Prion
Prion
added 2020/01/27 11:15 p.m.13 views

Design/Logic Flaw

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...

6.8CVSS7.5AI score0.05571EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/14 12:0 a.m.23 views

CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file...

7.5CVSS7.2AI score0.02815EPSS
Exploits0References8
CVE
CVE
added 2019/11/14 12:0 a.m.156 views

CVE-2019-14818

The CVE-2019-14818 issue affects DPDK packages in multiple lines: 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4, and 19.x.x before 19.08.1. A malicious master or a container with access to a vhost_user socket can send crafted VRING_SET_NUM messages, causing a memory leak th...

7.5CVSS7.1AI score0.02815EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2019/03/26 4:29 p.m.17 views

Design/Logic Flaw

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access the hos...

7.5CVSS7.7AI score0.02062EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/26 3:37 p.m.18 views

CVE-2014-5431

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...

6.9AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/26 3:17 p.m.17 views

CVE-2014-5432

Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...

9.6AI score0.02573EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/11/15 12:0 a.m.51 views

Asterisk DoS Vulnerability (AST-2018-010)

Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...

7.5CVSS7.5AI score0.03579EPSS
Exploits1References1
Rows per page
Query Builder