
97 matches found

Tenable Nessus
added 2024/02/02 12:0 a.m. | 36 views

Cisco Unity Connection Arbitrary File Upload (cisco-sa-cuc-unauth-afu-FROYsCsD)

According to its self-reported version, Cisco Unity Connection running on the report host is affected by an Arbitrary File Upload Vulnerability. Due to lack of authentication in a specific API and improper validation of user-supplied data, an unauthenticated, remote attacker can store malicious...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.00275
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/01 12:0 a.m. | 18 views

Multiple Cisco Products Snort 3 Access Control Policy Bypass (cisco-sa-ftd-snort3acp-bypass-3bdR2BEh)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVSS: 5.8 | AI score: 5.4 | EPSS: 0.0005
Exploits: 0 | References: 5

Tenable Nessus
added 2023/06/02 12:0 a.m. | 27 views

F5 Networks BIG-IP : Intel BIOS vulnerability (K000130240)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000130240 advisory. - Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially...

CVSS: 8.2 | AI score: 6.5 | EPSS: 0.00145
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/07 12:0 a.m. | 22 views

Cisco IOS XE Software Fragmented Tunnel Protocol Packet DoS (cisco-sa-ios-gre-crash-p6nE5Sq5)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVSS: 8.6 | AI score: 8.4 | EPSS: 0.00489
Exploits: 0 | References: 4

Tenable Nessus
added 2022/11/21 12:0 a.m. | 18 views

Cisco IOS XE Software for cBR 8 Converged Broadband Routers Common Open Policy Service Denial of Service (cisco-sa-cbr8-cops-Vc2ZsJSx)

According to its self-reported version, Cisco IOS-XE Software for Cisco cBR-8 Converged Broadband Routers is affected by a DoS vulnerability in the Common Open Policy Service (COPS). A deadlock condition exists in the COPS packet processing that could allow an unauthenticated, remote attacker...

CVSS: 8.6 | AI score: 8 | EPSS: 0.00266
Exploits: 0 | References: 4

Tenable Nessus
added 2022/11/03 12:0 a.m. | 19 views

Cisco Identity Services Engine XSRF (cisco-sa-ise-csrf-vgNtTpAs)

According to its self-reported version, Cisco Identity Services Engine is affected by a cross site request forgery (XSRF) vulnerability due to insufficient XSRF protection. An unauthenticated, remote attacker can exploit this, by persuading a user to click a malicious link, in order to perform...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00302
Exploits: 0 | References: 3

Tenable Nessus
added 2021/01/14 12:0 a.m. | 56 views

Juniper Junos OS DoS (JSA11091)

The version of Junos OS installed on the remote host is affected by a denial of service vulnerability as referenced in the JSA11091 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. TRUSTED...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.92629
Exploits: 5 | References: 2

Tenable Nessus
added 2021/01/14 12:0 a.m. | 36 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability (cisco-sa-anyconnect-fileread-PbHbgHMj)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-fileread-PbHbgHMj advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00045
Exploits: 0 | References: 3

Tenable Nessus
added 2020/07/28 12:0 a.m. | 32 views

Cisco Small Business RV Series Arbitrary Code Execution (cisco-sa-code-exec-wH3BNFb)

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by an arbitrary code execution vulnerability due to improper input validation. An unauthenticated remote attacker can exploit this, via maliciously crafted requests, to execute arbitrary code with...

CVSS: 10 | AI score: 9.3 | EPSS: 0.28137
Exploits: 0 | References: 4

Tenable Nessus
added 2020/04/30 12:0 a.m. | 30 views

F5 Networks BIG-IP : BIG-IP QKView vulnerability (K03318649)

When creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. CVE-2020-5890 Impact The BIG-IP system may disclose sensitive information used for authentication with...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00133
Exploits: 0 | References: 2

Tenable Nessus
added 2019/03/06 12:0 a.m. | 274 views

F5 Networks BIG-IP : Kernel vulnerability (K62442245)

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00096
Exploits: 5 | References: 2

Tenable Nessus
added 2018/11/05 12:0 a.m. | 45 views

F5 Networks BIG-IP : BIG-IP BIND vulnerability (K98528405)

A flaw in the 'deny-answer-aliases' feature can cause an INSIST assertion failure in named. CVE-2018-5740 Impact A flaw in a rarely used BIND feature can cause an assertion failure in named. As a result, the bind process restarts. (C) Tenable Network Security, Inc. The descriptive text and package...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.6453
Exploits: 0 | References: 2

Tenable Nessus
added 2018/10/19 12:0 a.m. | 25 views

Juniper Junos Memory Exhaustion RDP DOS with JET support (JSA10882)

According to its self-reported version number, the remote Junos device is affected by a denial of service vulnerability due to a flaw with the Routing Protocols Daemon with Juniper Extension Toolkit support. A remote attacker could exhaust memory resources potentially causing the device to become...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01419
Exploits: 0 | References: 2

Tenable Nessus
added 2016/01/28 12:0 a.m. | 30 views

F5 Networks BIG-IP : BIND vulnerability (SOL14601)

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. (C) Tenable...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.0381
Exploits: 1 | References: 3

Tenable Nessus
added 2015/09/18 12:0 a.m. | 38 views

F5 Networks BIG-IP : BIND vulnerability (SOL17227)

An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. (C) Tenable Network Security, Inc. The descriptive text an...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.47991
Exploits: 0 | References: 2

Tenable Nessus
added 2015/05/15 12:0 a.m. | 36 views

F5 Networks BIG-IP : PHP vulnerability (SOL15169)

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (C) Tenable Network...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.19022
Exploits: 0 | References: 2

Tenable Nessus
added 2015/04/10 12:0 a.m. | 19 views

F5 Networks BIG-IP : Python vulnerability (K16398)

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVE-2006-4980 Impact An attacker may be able to...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01059
Exploits: 0 | References: 2

Tenable Nessus
added 2014/10/10 12:0 a.m. | 95 views

F5 Networks BIG-IP : OpenSSL OCSP vulnerability (SOL14261)

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an inval...

CVSS: 5 | AI score: 7.6 | EPSS: 0.09511
Exploits: 0 | References: 2

Tenable Nessus
added 2014/10/10 12:0 a.m. | 24 views

F5 Networks BIG-IP : BIG-IP management interface vulnerability (SOL9875)

The remote BIG-IP device is missing a patch required by a security advisory. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL9875. The text description of this plugin is (C) F5 Networks...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00483
Exploits: 0 | References: 2

Tenable Nessus
added 2014/10/10 12:0 a.m. | 27 views

F5 Networks BIG-IP : XSS vulnerability in echo.jsp (SOL15532)

A cross-site scripting (XSS) vulnerability exists in tmui/dashboard/echo.jsp for the BIG-IP Configuration utility and the Enterprise Manager Configuration utility. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00408
Exploits: 2 | References: 2