185 matches found
Multiple Cisco Products Snort 3 Access Control Policy Bypass (cisco-sa-ftd-snort3acp-bypass-3bdR2BEh)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Juniper Junos OS Vulnerability (JSA70604)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70604 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an...
Cisco Email Security Appliance HTTP Response Header Injection (cisco-sa-ESA-HTTP-Inject-nvsycUmR)
According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability due to a failure to sanitize input values. An unauthenticated, remote attacker can exploit this, by injecting malicious HTTP headers, in order to conduct an HTTP response splitting attack. Please...
F5 Networks BIG-IP : zlib vulnerability (K21548854)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K21548854 advisory. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant...
F5 Networks BIG-IP : cURL vulnerability (K41523201)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.2 / 15.1.4 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K41523201 advisory. Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to...
Juniper Junos OS Vulnerability (JSA11118)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11118 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable Network Security, Inc...
Cisco IOS XE Software SD WAN Privilege Escalation (cisco-sa-sdwan-clipriv-9TO2QGVp)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) DoS (cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX)
According to its self-reported version, the remote Cisco Wireless LAN Controller (WLC) device is affected by a DoS vulnerability in the Flexible NetFlow Version 9 packet processor due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An unauthenticated, remote...
Cisco Identity Services Engine XSS (cisco-sa-ise-xxs-mf5cbYx5)
A cross-site scripting (XSS) vulnerability exists in Cisco Identity Services Engine web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted UR...
Cisco IOS XE Software MP BGP EVPN DoS (cisco-sa-ios-bgp-evpn-dos-LNfYJxfF)
According to its self-reported version, IOS-XE is affected by a denial of service (DoS) vulnerability in the Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family. An unauthenticated, remote attacker can exploit this, by sending BGP update messages...
Cisco IOS Software One Platform Kit Remote Code Execution Vulnerability (cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC)
According to its self-reported version, Cisco IOS is affected by a remote code execution vulnerability. The vulnerability exists in Cisco One Platform Kit, in the Topology Discovery Service. An unauthenticated, adjacent attacker can exploit this to bypass authentication and...
Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability (cisco-sa-xracl-zbWSWREt)
An authentication bypass vulnerability exists in Cisco IOS XR Software due to a logic error, which prevents the ACL from working when applied against the standby route processor management interface. An unauthenticated, remote attacker can exploit this by attempting to access the device through t...
F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. (CVE-2019-8331) Impact: An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick a user into running malicious code. (C) Tenable, Inc. The...
Juniper JSA10925
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10925 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...
F5 Networks BIG-IP : BIG-IP SOCKS proxy vulnerability (K55225440)
Responses to SOCKS proxy requests made through the BIG-IP system may cause a disruption of service provided by the Traffic Management Microkernel (TMM). The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a virtual server. The control plane is not impacted by this...
Cisco IOS DHCP Multiple Vulnerabilities
According to its self-reported version, the Cisco IOS software running on the remote device is affected by multiple denial of service vulnerabilities in the DHCP client implementation when parsing DHCP packets. An unauthenticated, remote attacker can exploit these issues, via specially crafted DH...
F5 Networks BIG-IP : glibc vulnerability (K31211252)
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. (CVE-2014-9761) (C) Tenable Netwo...
F5 Networks BIG-IP : NTP vulnerability (K02951273)
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. (CVE-2017-6463) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Cisco Email Security Appliance Filter Bypass Vulnerability
According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
Juniper Junos DoS Telnet Vulnerability (JSA10817)
According to its self-reported version number, the remote Junos device is affected by two vulnerabilities in the telnetd service that may allow a remote unauthenticated attacker to cause a denial of service through memory and/or CPU consumption.