F5 Networks, Inc. Security Vulnerabilities

F5 Networks BIG-IP : BIND vulnerability (K27155546)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K27155546 advisory. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a...

F5 Networks BIG-IP : OpenSSL vulnerability (K19559038)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K19559038 advisory. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding...

F5 Networks BIG-IP : glibc vulnerability (K44945790)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44945790 advisory. The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input...

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

F5 Networks BIG-IP : ZebOS BGP vulnerability (K000137315)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137315 advisory. The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by...

F5 Networks BIG-IP : iControl REST vulnerability (K11742742)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K11742742 advisory. On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5,.....

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file...

F5 Networks BIG-IP : Node.js vulnerability (K000139532)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139532 advisory. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames...

F5 Networks BIG-IP : OpenLDAP vulnerability (K000138814)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138814 advisory. A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x()...

F5 Networks BIG-IP : cURL vulnerability (K000138650)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138650 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins...

F5 Networks BIG-IP : TMM vulnerability (K19634255)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K19634255 advisory. On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when...

F5 Networks BIG-IP : Python vulnerability (K11068141)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K11068141 advisory. The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python)...

F5 Networks BIG-IP : SNMPv2 vulnerability (K04463175)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04463175 advisory. An SNMP community name is the default (e.g. public), null, or missing. (CVE-1999-0517) Note that Nessus has not tested...

F5 Networks BIG-IP : OpenSSL vulnerability (K000135178)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135178 advisory. Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very...

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...

F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000130415 advisory. A format string vulnerability exists in iControl SOAP that allows an authenticated attacker...

F5 Networks BIG-IP : TMUI XSS vulnerability (K92807525)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K92807525 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC)...

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP...

CVE-2023-40315

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and...

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed.....

F5 Networks BIG-IP : OpenSSL vulnerability (K000138242)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138242 advisory. Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters...

F5 Networks BIG-IP : Apache vulnerability (K000137702)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137702 advisory. Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util)...

F5 Networks BIG-IP : NTP vulnerability (K04912972)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04912972 advisory. The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service ...

F5 Networks BIG-IP : libssh vulnerability (K05295501)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K05295501 advisory. A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if...

F5 Networks BIG-IP : jQuery vulnerability (K66544153)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K66544153 advisory. In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from...

F5 Networks BIG-IP : cURL vulnerability (K61186963)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K61186963 advisory. curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP...

CVE-2024-34068

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint....

F5 Networks BIG-IP TCP profile vulnerability (K000134652)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

F5 Networks BIG-IP : OpenSSH vulnerability (K000138827)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138827 advisory. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell ...

F5 Networks BIG-IP : Binutils vulnerability (K09092524)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09092524 advisory. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils...

F5 Networks BIG-IP : Nettle vulnerability (K45616155)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian ...

F5 Networks BIG-IP : Java vulnerabilities (K000135555)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000135555 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). ...

F5 Networks BIG-IP : bzip2 vulnerability (K68713584)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K68713584 advisory. BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors....

F5 Networks BIG-IP : cURL vulnerability (K63525058)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K63525058 advisory. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given...

F5 Networks BIG-IP : Node.js vulnerabilities (K53225395)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K53225395 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS ...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference

...

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in...

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...

F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K94221585 advisory. In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery...

F5 Networks BIG-IP : DNS profile vulnerability (K23454411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K23454411 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x...

F5 Networks BIG-IP : libssh vulnerability (K000138682)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138682 advisory. A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...

F5 Networks BIG-IP : GnuTLS vulnerabilities (K000138649)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000138649 advisory. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange ...

F5 Networks BIG-IP : glibc vulnerability (K49921213)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K49921213 advisory. A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion...

F5 Networks BIG-IP : LibTIFF vulnerability (K70117303)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K70117303 advisory. LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2,...

F5 Networks BIG-IP : QEMU vulnerability (K41301038)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K41301038 advisory. QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked....

F5 Networks BIG-IP : MySQL vulnerability (K000134469)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134469 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported...