Lucene search
K

106 matches found

Vulnrichment
Vulnrichment
added 2024/02/14 4:30 p.m.23 views

CVE-2024-23306 BIG-IP Next CNF & SPK vulnerability

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS4.8AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.27 views

CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy scp utility but do not have access to Advanced shell bash can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

6.7CVSS7.5AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.28 views

CVE-2024-23607 F5OS QKView utility vulnerability

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.5CVSS5.6AI score0.00499EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/02/14 12:0 a.m.33 views

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.1AI score0.00914EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/03 12:0 a.m.24 views

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K30523121)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.3.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K30523121 advisory. - On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is...

7.5CVSS7.8AI score0.0092EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.25 views

F5 Networks BIG-IP : TMUI XSS vulnerability (K24301698)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K24301698 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM...

6.1CVSS6.6AI score0.00562EPSS
Exploits0References2
Prion
Prion
added 2023/10/10 1:15 p.m.20 views

Design/Logic Flaw

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...

4.7CVSS8.3AI score0.00435EPSS
Exploits0References1Affected Software18
Vulnrichment
Vulnrichment
added 2023/10/10 12:34 p.m.25 views

CVE-2023-43611 BIG-IP Edge Client for macOS vulnerability

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.8CVSS6.7AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/10 12:33 p.m.26 views

CVE-2023-41964 BIG-IP and BIG-IQ Database Variable vulnerability

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS6.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 4:21 p.m.24 views

CVE-2023-43125

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.2CVSS7.4AI score0.00237EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 4:21 p.m.19 views

Code injection

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.8CVSS6.9AI score0.00154EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/09/27 4:21 p.m.29 views

Code injection

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.4CVSS8.1AI score0.00237EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/09/27 3:22 p.m.21 views

CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.8CVSS6.9AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 3:22 p.m.31 views

CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.8CVSS8.4AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 3:21 p.m.28 views

CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.3CVSS7.1AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2023/08/02 4:15 p.m.17 views

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.3CVSS4.5AI score0.00453EPSS
Exploits0References1
Prion
Prion
added 2023/08/02 4:15 p.m.27 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluate...

5.8CVSS5.9AI score0.00338EPSS
Exploits0References1Affected Software19
Prion
Prion
added 2023/08/02 4:15 p.m.19 views

Design/Logic Flaw

Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

1.4CVSS4.8AI score0.00175EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/02 3:55 p.m.13 views

CVE-2023-38423 BIG-IP Configuration utility vulnerability

A cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5.4CVSS5.6AI score0.00295EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.20 views

F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. - Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...

6.1CVSS6.2AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder