Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

nessus
nessus

F5 Networks BIG-IP : Libexpat vulnerability (K000139525)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in ...

7.5CVSS

7.4AI Score

0.004EPSS

2024-05-24 12:00 AM
3
github
github

OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on su...

8.3CVSS

6.6AI Score

0.002EPSS

2022-05-24 05:11 PM
2
nessus
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K000137204)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137204 advisory. Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user...

4.4CVSS

4.5AI Score

0.0004EPSS

2023-10-11 12:00 AM
8
nessus
nessus

F5 Networks BIG-IP : Python vulnerability (K000139685)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139685 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-05-21 12:00 AM
2
metasploit
metasploit

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

This module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on...

10CVSS

9.9AI Score

0.957EPSS

2024-04-17 06:52 PM
123
nvd
nvd

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

8.2AI Score

0.001EPSS

2024-05-22 07:15 AM
2
nessus
nessus

F5 Networks BIG-IP : Python vulnerabilities (K000139691)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139691 advisory. An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer ...

9.8CVSS

8.2AI Score

0.01EPSS

2024-05-20 12:00 AM
2
osv
osv

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

8.1CVSS

7.3AI Score

0.002EPSS

2023-11-28 08:15 AM
7
nessus
nessus

F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.5 / 14.1.2.7 / 15.0.1.4 / 15.1.0.5 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K31085564 advisory. An information disclosure vulnerability exists when certain central processing...

5.6CVSS

6.8AI Score

0.001EPSS

2020-07-14 12:00 AM
20
githubexploit
githubexploit

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player <=...

8.2AI Score

EPSS

2024-05-31 04:41 AM
192
nessus
nessus

Palo Alto Networks PAN-OS Compliance Checks

Using the supplied credentials, this script performs a compliance check against the given...

1.2AI Score

2013-02-19 12:00 AM
17
nvd
nvd

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 07:15 AM
nessus
nessus

F5 Networks BIG-IP : Python vulnerabilities (K000139698)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139698 advisory. Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x...

7.5CVSS

8AI Score

0.028EPSS

2024-05-20 12:00 AM
2
nessus
nessus

F5 Networks BIG-IP : Appliance mode tmsh vulnerability (K87659521)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. (CVE-2019-6615) Impact Attackers can gain access to an Advanced Shell (...

4.9CVSS

5.3AI Score

0.001EPSS

2019-05-01 12:00 AM
9
nessus
nessus

Palo Alto Networks PAN-OS Version Detection

The remote host is running Palo Alto Networks PAN-OS, an operating system for Palo Alto firewall devices. It was possible to read the PAN-OS version number by logging into the device via SSH or...

2.1AI Score

2014-03-05 12:00 AM
21
fedora
fedora

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, imag es, volumes and networks...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-11 01:51 AM
nessus
nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split...

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
5
nessus
nessus

A10 Networks Advanced Core OS Device Detection

Nessus was able to detect the version of the Advanced Core Operating System running on the remote host by examining the SNMP system description value. Advanced Core OS is used in A10 Networks application delivery controllers and load balancing...

2.4AI Score

2014-04-03 12:00 AM
21
nessus
nessus

F5 Networks BIG-IP : BIG-IP Resource Administrator vulnerability (K38941195)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to.....

6.5CVSS

6.4AI Score

0.001EPSS

2019-05-01 12:00 AM
11
nuclei
nuclei

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

9.8CVSS

9.9AI Score

0.287EPSS

2024-03-06 06:03 PM
23
fedora
fedora

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, imag es, volumes and networks...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-11 01:59 AM
debiancve
debiancve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) {...

6.9AI Score

0.0004EPSS

2024-05-21 03:15 PM
9
oraclelinux
oraclelinux

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-24 12:00 AM
16
ubuntucve
ubuntucve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...

6.5AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
nuclei
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
3
nessus
nessus

F5 Networks BIG-IP : BIG-IP iControl REST API vulnerability (K32544615)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K32544615 advisory. When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change ...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : VPN TunnelVision vulnerability (K000139553)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139553 advisory. DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security...

7.6CVSS

7.3AI Score

0.0005EPSS

2024-05-21 12:00 AM
3
nessus
nessus

Palo Alto Networks PAN-OS VPN Enabled Detection

VPN is enabled on the remote Palo Alto...

2.2AI Score

2020-11-06 12:00 AM
7
nuclei
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 08:01 PM
4
osv
osv

Android uses the same link-local IPv6 address across different networks

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-01 12:00 AM
10
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables...

7.8AI Score

2024-04-22 12:00 AM
71
nessus
nessus

F5 Networks ARX Data Manager Web Interface Detection

The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...

1.8AI Score

2014-07-01 12:00 AM
14
nessus
nessus

VMware Aria Operations For Networks Web Interface Detection

The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...

7.1AI Score

2023-06-15 12:00 AM
9
nessus
nessus

Palo Alto Networks User-ID Agent Version Detection

Palo Alto Networks User-ID agent, a monitoring and reporting service that supports user and group mapping for firewall configurations, is installed on the remote...

1.6AI Score

2016-06-17 12:00 AM
15
nessus
nessus

F5 Networks BIG-IP : Expat vulnerability (K000139630)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139630 advisory. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required...

7.5CVSS

7.4AI Score

0.001EPSS

2024-05-16 12:00 AM
3
nessus
nessus

F5 Networks BIG-IP : Expat vulnerability (K000139637)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139637 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers...

7.2AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
nuclei
nuclei

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API...

7.5CVSS

7.4AI Score

0.097EPSS

2024-04-29 12:54 PM
7
nessus
nessus

F5 Networks BIG-IP : TMM vulnerability (K000139037)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000139037 advisory. When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-15 12:00 AM
1
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

10CVSS

9.9AI Score

0.957EPSS

2024-04-16 04:18 PM
76
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

10CVSS

9.9AI Score

0.957EPSS

2024-04-16 04:18 PM
54
osv
osv

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity:...

5.2AI Score

0.0004EPSS

2024-04-17 08:15 AM
1
nuclei
nuclei

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS

6AI Score

0.001EPSS

2021-03-08 05:28 AM
9
nessus
nessus

F5 Networks BIG-IQ Configuration Utility Login Page Detection

The configuration utility login page for F5 Networks BIG-IQ was detected on the remote host. BIG-IQ is a product for managing BIG-IP...

1.6AI Score

2014-05-09 12:00 AM
10
githubexploit
githubexploit

Exploit for CVE-2023-38831

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

7.8CVSS

8.5AI Score

0.381EPSS

2024-04-01 03:59 PM
86
osv
osv

CVE-2023-4763

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

8.8CVSS

6.1AI Score

0.002EPSS

2023-09-05 10:15 PM
2
nuclei
nuclei

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.5CVSS

6.6AI Score

0.503EPSS

2023-08-03 11:24 PM
17
nuclei
nuclei

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote...

9.8CVSS

7.7AI Score

0.967EPSS

2023-09-19 01:54 AM
12
nessus
nessus

F5 Networks BIG-IP : Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (K34303485)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K34303485 advisory. Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing...

5.6CVSS

6.2AI Score

0.001EPSS

2023-11-02 12:00 AM
3
nessus
nessus

F5 Networks BIG-IP : Microarchitectural Fill Buffer Data Sampling (MFBDS) (K80159635)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K80159635 advisory. Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative...

5.6CVSS

6.2AI Score

0.001EPSS

2023-11-03 12:00 AM
20
osv
osv

CVE-2023-5706

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2023-11-22 04:15 PM
6
Total number of security vulnerabilities314659