Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

osv
osv

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in...

9.1CVSS

9.4AI Score

0.001EPSS

2022-09-24 02:15 AM
2
osv
osv

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

6.4AI Score

0.001EPSS

2023-06-01 07:15 AM
10
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables...

7.8AI Score

2024-04-22 12:00 AM
73
osv
osv

CVE-2023-40312

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30,....

6.7CVSS

6.2AI Score

0.0004EPSS

2023-08-14 06:15 PM
4
osv
osv

Android uses the same link-local IPv6 address across different networks

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-01 12:00 AM
10
osv
osv

CVE-2023-40311

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian...

6.7CVSS

6AI Score

0.0004EPSS

2023-08-14 06:15 PM
3
cve
cve

CVE-2024-32547

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6.9AI Score

0.0004EPSS

2024-04-17 08:15 AM
36
nuclei
nuclei

Juniper Devices - Remote Code Execution

Multiple cves in Juniper Network (CVE-2023-36844CVE-2023-36845CVE-2023-36846CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables......

9.8CVSS

7.1AI Score

0.965EPSS

2023-08-26 07:36 AM
17
nessus
nessus

F5 Networks BIG-IP : BIG-IP IPsec vulnerability (K000138728)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138728 advisory. When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...

7.5CVSS

7AI Score

0.0004EPSS

2024-05-15 12:00 AM
1
nessus
nessus

F5 Networks BIG-IP : TMM vulnerability (K57111075)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K57111075 advisory. On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual...

7.5CVSS

7.8AI Score

0.001EPSS

2022-01-19 12:00 AM
7
osv
osv

CVE-2023-0871

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The...

6.1CVSS

7.5AI Score

0.0004EPSS

2023-08-11 05:15 PM
2
osv
osv

CVE-2023-40313

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer....

8.8CVSS

7.8AI Score

0.001EPSS

2023-08-17 07:15 PM
5
nessus
nessus

F5 Networks BIG-IP IPsec DoS (K000132420)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000132420 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

7.5CVSS

7.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
8
nessus
nessus

F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000138912)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138912 advisory. When an SSL profile with alert timeout is configured with a non-default value on a virtual...

5.9CVSS

5.8AI Score

0.0004EPSS

2024-05-15 12:00 AM
7
cvelist
cvelist

CVE-2024-1446 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Cross-Site Request Forgery to Arbitrary Post Deletion

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

5.4CVSS

5.7AI Score

0.0005EPSS

2024-05-22 06:50 AM
1
hackread
hackread

Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed

By Waqas Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control. This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks...

7.7AI Score

2024-05-13 06:27 PM
6
osv
osv

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...

6.5CVSS

7AI Score

0.002EPSS

2023-02-13 09:15 PM
9
osv
osv

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS &lt;= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...

9.8CVSS

10AI Score

0.004EPSS

2023-11-28 07:15 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000138520)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138520 advisory. A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP ...

4.7CVSS

5.8AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
nvd
nvd

CVE-2023-30312

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver....

6.5AI Score

0.0004EPSS

2024-05-28 10:15 PM
osv
osv

CVE-2023-0870

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer....

8.1CVSS

6.9AI Score

0.0004EPSS

2023-03-22 07:15 PM
1
oraclelinux
oraclelinux

libreoffice security fix update

[1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix...

8.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
7
cve
cve

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-04 03:15 AM
33
nessus
nessus

F5 Networks BIG-IP TCP profile vulnerability (K000134652)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

7.5CVSS

7.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

4.3CVSS

5AI Score

0.001EPSS

2022-05-05 12:00 AM
38
nessus
nessus

Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.12 / 10.2.x < 10.2.8 / 11.0.x < 11.0.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.12 or 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. An improper authorization vulnerability in Palo...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-03-13 12:00 AM
20
osv
osv

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file...

7.5CVSS

7.7AI Score

0.021EPSS

2023-04-16 03:15 AM
10
fedora
fedora

[SECURITY] Fedora 40 Update: wireshark-4.2.5-1.fc40

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-31 01:17 AM
2
nessus
nessus

F5 Networks BIG-IP : ZebOS BGP vulnerability (K000137315)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137315 advisory. The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by...

7.5CVSS

7.5AI Score

0.002EPSS

2023-11-02 12:00 AM
10
nessus
nessus

F5 Networks BIG-IP : iControl REST vulnerability (K11742742)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K11742742 advisory. On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5,.....

6.5CVSS

6.8AI Score

0.001EPSS

2022-01-19 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000130415 advisory. A format string vulnerability exists in iControl SOAP that allows an authenticated attacker...

8.5CVSS

8.6AI Score

0.001EPSS

2023-06-23 12:00 AM
11
nessus
nessus

F5 Networks BIG-IP : TMUI XSS vulnerability (K92807525)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K92807525 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC)...

6.8CVSS

6.5AI Score

0.001EPSS

2022-05-05 12:00 AM
15
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

7.5AI Score

2024-04-22 12:00 AM
61
nessus
nessus

F5 Networks BIG-IP : HTTP profile vulnerability (K43881487)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K43881487 advisory. On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the...

7.5CVSS

7.8AI Score

0.001EPSS

2023-06-23 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : iControl REST vulnerability (K15101402)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K15101402 advisory. On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated...

4.3CVSS

5.1AI Score

0.001EPSS

2022-05-06 12:00 AM
9
nessus
nessus

F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...

8.8CVSS

8.1AI Score

0.002EPSS

2022-05-05 12:00 AM
9
osv
osv

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

6.1CVSS

5.9AI Score

0.006EPSS

2023-01-02 04:15 PM
5
osv
osv

CVE-2024-32977

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....

7.1CVSS

6.8AI Score

0.0004EPSS

2024-05-14 04:17 PM
3
nessus
nessus

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...

7.5CVSS

7.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
9
nessus
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K94221585 advisory. In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery...

8.8CVSS

8.8AI Score

0.492EPSS

2022-11-16 12:00 AM
61
nessus
nessus

F5 Networks BIG-IP : DNS profile vulnerability (K23454411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K23454411 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
10
packetstorm

7.4AI Score

2024-04-18 12:00 AM
100
nessus
nessus

F5 Networks BIG-IP : OpenSSH vulnerability (K000138827)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138827 advisory. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell ...

6.5CVSS

6.9AI Score

0.003EPSS

2024-03-06 12:00 AM
29
nessus
nessus

F5 Networks BIG-IP : Nettle vulnerability (K45616155)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian ...

5.7CVSS

5.7AI Score

0.001EPSS

2023-11-02 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : Binutils vulnerability (K09092524)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09092524 advisory. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils...

5.5CVSS

6.4AI Score

0.001EPSS

2023-11-02 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : Java vulnerabilities (K000135555)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000135555 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). ...

3.7CVSS

5.9AI Score

0.003EPSS

2023-07-24 12:00 AM
8
nessus
nessus

F5 Networks BIG-IP : bzip2 vulnerability (K68713584)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K68713584 advisory. BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors....

9.7AI Score

0.02EPSS

2023-06-01 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : cURL vulnerability (K63525058)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K63525058 advisory. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given...

3.7CVSS

6.4AI Score

0.001EPSS

2021-10-28 12:00 AM
17
nessus
nessus

F5 Networks BIG-IP : Node.js vulnerabilities (K53225395)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K53225395 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS ...

9.8CVSS

8.8AI Score

0.015EPSS

2021-10-28 12:00 AM
40
cve
cve

CVE-2024-1446

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

5.4CVSS

6.4AI Score

0.0005EPSS

2024-05-22 07:15 AM
29
Total number of security vulnerabilities315051