F5 Networks, Inc. Security Vulnerabilities

F5 Networks BIG-IP : Linux kernel usbmon vulnerability (K000139700)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139700 advisory. drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space...

F5 Networks BIG-IP : Speculative race conditions vulnerabilities (K000139682)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139682 advisory. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting ...

CVE-2023-4224

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

F5 Networks BIG-IP : TMM vulnerability (K95434410)

Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane....

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the...

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

CVE-2023-4223

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

CVE-2023-4225

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

F5 Networks BIG-IP : BIG-IP engineering hotfix Trusted Platform Module vulnerability (K91171450)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K91171450 advisory. On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect ...

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

GlobalProtect - OS Command Injection

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...

Magento Mass Importer <0.7.24 - Remote Auth Bypass

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

...

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

...

CVE-2024-32473

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (K52494142)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52494142 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes...

F5 Networks BIG-IP : TMM vulnerability (K57111075)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K57111075 advisory. On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual...

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000138912)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138912 advisory. When an SSL profile with alert timeout is configured with a non-default value on a virtual...

F5 Networks BIG-IP IPsec DoS (K000132420)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000132420 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

Palo Alto Networks PAN-OS Firewall/Panorama Web UI Detection

The web interface for Palo Alto Networks PAN-OS firewall or Panorama was detected on the remote host. Panorama is a centralized management solution used for Palo Alto Networks...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...

F5 Networks BIG-IP : BIG-IP IPsec vulnerability (K000138728)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138728 advisory. When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed

By Waqas Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control. This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks...

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...

F5 Networks BIG-IP : Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) (K97035296)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K97035296 advisory. Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative...

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

F5 Networks BIG-IP : HTTP profile vulnerability (K43881487)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K43881487 advisory. On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the...

F5 Networks BIG-IP : iControl REST vulnerability (K15101402)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K15101402 advisory. On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated...

F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...

F5 Networks BIG-IP : BIG-IP HTTP non-RFC-compliant security exposure (K11342432)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 15.1.7 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K11342432 advisory. This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a...

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

F5 Networks BIG-IP : NTP vulnerability (K82570157)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K82570157 advisory. ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric...

F5 Networks BIG-IP : glibc vulnerability (K54823184)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K54823184 advisory. In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap- based...

F5 Networks BIG-IP : NTP vulnerability (K44305703)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44305703 advisory. ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated ...

F5 Networks BIG-IP : Wireshark vulnerabilities (K02215905)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K02215905 advisory. In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol ...

F5 Networks BIG-IP : jQuery vulnerability (K02453220)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K02453220 advisory. In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after...

F5 Networks BIG-IP : NTP vulnerability (K09940637)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09940637 advisory. Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is...

F5 Networks BIG-IP : Node.js vulnerability (K000135831)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135831 advisory. c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends...

F5 Networks BIG-IP : OpenJDK vulnerability (K000134793)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134793 advisory. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency)....

F5 Networks BIG-IP : PHP vulnerability (K000134747)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134747 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate...