F5 Networks, Inc. Security Vulnerabilities

nessus

F5 Networks BIG-IP : BIND vulnerability (K27155546)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K27155546 advisory. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a...

7.5 CVSS

6.8 AI Score

0.003 EPSS

2022-10-20 12:00 AM
11
nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K19559038)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K19559038 advisory. ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding...

7.4 CVSS

8.1 AI Score

0.004 EPSS

2021-10-28 12:00 AM
157
nessus

F5 Networks BIG-IP : glibc vulnerability (K44945790)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44945790 advisory. The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input...

7.5 CVSS

8.7 AI Score

0.013 EPSS

2021-10-28 12:00 AM
92
osv

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1 CVSS

6.4 AI Score

0.001 EPSS

2023-06-01 07:15 AM
8
nessus

F5 Networks BIG-IP : ZebOS BGP vulnerability (K000137315)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137315 advisory. The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote attackers to cause a denial of service by...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2023-11-02 12:00 AM
10
nessus

F5 Networks BIG-IP : iControl REST vulnerability (K11742742)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K11742742 advisory. On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5,.....

6.5 CVSS

6.8 AI Score

0.001 EPSS

2022-01-19 12:00 AM
6
osv

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file...

7.5 CVSS

7.7 AI Score

0.021 EPSS

2023-04-16 03:15 AM
9
nessus

F5 Networks BIG-IP : Node.js vulnerability (K000139532)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139532 advisory. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames...

8.2 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
3
nessus

F5 Networks BIG-IP : OpenLDAP vulnerability (K000138814)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138814 advisory. A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x()...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2024-03-05 12:00 AM
16
nessus

F5 Networks BIG-IP : cURL vulnerability (K000138650)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138650 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins...

6.5 CVSS

7 AI Score

0.001 EPSS

2024-02-21 12:00 AM
16
nessus

F5 Networks BIG-IP : TMM vulnerability (K19634255)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K19634255 advisory. On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-11-03 12:00 AM
3
nessus

F5 Networks BIG-IP : Python vulnerability (K11068141)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K11068141 advisory. The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python)...

7.6 AI Score

0.006 EPSS

2023-11-02 12:00 AM
nessus

F5 Networks BIG-IP : SNMPv2 vulnerability (K04463175)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04463175 advisory. An SNMP community name is the default (e.g. public), null, or missing. (CVE-1999-0517) Note that Nessus has not tested...

8.2 AI Score

0.454 EPSS

2023-11-02 12:00 AM
10
nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K000135178)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135178 advisory. Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very...

6.5 CVSS

7.3 AI Score

0.001 EPSS

2023-06-22 12:00 AM
5
githubexploit

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

9.9 CVSS

7.2 AI Score

0.001 EPSS

2024-04-27 11:03 AM
373
osv

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-03 08:29 PM
4
github

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...

6.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-03 08:29 PM
8
osv

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...

9.8 CVSS

10 AI Score

0.004 EPSS

2023-11-28 07:15 AM
5
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000130415 advisory. A format string vulnerability exists in iControl SOAP that allows an authenticated attacker...

8.5 CVSS

8.6 AI Score

0.001 EPSS

2023-06-23 12:00 AM
11
nessus

F5 Networks BIG-IP : TMUI XSS vulnerability (K92807525)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K92807525 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC)...

6.8 CVSS

6.5 AI Score

0.001 EPSS

2022-05-05 12:00 AM
14
osv

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP...

8.8 CVSS

7.8 AI Score

0.001 EPSS

2023-12-14 03:15 PM
6
osv

CVE-2023-40315

In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and...

8 CVSS

7.3 AI Score

0.0004 EPSS

2023-08-17 08:15 PM
7
osv

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed.....

9.1 CVSS

7.3 AI Score

0.002 EPSS

2022-09-28 11:15 AM
3
nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K000138242)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138242 advisory. Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters...

5.3 CVSS

6.4 AI Score

0.001 EPSS

2024-01-17 12:00 AM
13
nessus

F5 Networks BIG-IP : Apache vulnerability (K000137702)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137702 advisory. Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util)...

6.5 CVSS

7.1 AI Score

0.002 EPSS

2023-11-27 12:00 AM
7
nessus

F5 Networks BIG-IP : NTP vulnerability (K04912972)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04912972 advisory. The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service ...

7.5 CVSS

8.4 AI Score

0.033 EPSS

2023-11-02 12:00 AM
12
nessus

F5 Networks BIG-IP : libssh vulnerability (K05295501)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K05295501 advisory. A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if...

5.3 CVSS

5.5 AI Score

0.004 EPSS

2023-11-02 12:00 AM
6
nessus

F5 Networks BIG-IP : jQuery vulnerability (K66544153)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K66544153 advisory. In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from...

6.9 CVSS

7.4 AI Score

0.019 EPSS

2023-11-02 12:00 AM
12
nessus

F5 Networks BIG-IP : cURL vulnerability (K61186963)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K61186963 advisory. curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP...

7.5 CVSS

7.9 AI Score

0.007 EPSS

2021-10-28 12:00 AM
16
osv

CVE-2024-34068

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint....

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2024-05-03 06:15 PM
3
nessus

F5 Networks BIG-IP TCP profile vulnerability (K000134652)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...

7.5 CVSS

7.7 AI Score

0.0005 EPSS

2023-10-13 12:00 AM
7
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

4.3 CVSS

5 AI Score

0.001 EPSS

2022-05-05 12:00 AM
38
nessus

F5 Networks BIG-IP : OpenSSH vulnerability (K000138827)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138827 advisory. In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell ...

6.5 CVSS

6.9 AI Score

0.003 EPSS

2024-03-06 12:00 AM
29
nessus

F5 Networks BIG-IP : Binutils vulnerability (K09092524)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09092524 advisory. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils...

5.5 CVSS

6.4 AI Score

0.001 EPSS

2023-11-02 12:00 AM
5
nessus

F5 Networks BIG-IP : Nettle vulnerability (K45616155)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian ...

5.7 CVSS

5.7 AI Score

0.001 EPSS

2023-11-02 12:00 AM
4
nessus

F5 Networks BIG-IP : Java vulnerabilities (K000135555)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000135555 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). ...

3.7 CVSS

5.9 AI Score

0.003 EPSS

2023-07-24 12:00 AM
7
nessus

F5 Networks BIG-IP : bzip2 vulnerability (K68713584)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K68713584 advisory. BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors....

9.7 AI Score

0.02 EPSS

2023-06-01 12:00 AM
5
nessus

F5 Networks BIG-IP : cURL vulnerability (K63525058)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K63525058 advisory. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given...

3.7 CVSS

6.4 AI Score

0.001 EPSS

2021-10-28 12:00 AM
17
nessus

F5 Networks BIG-IP : Node.js vulnerabilities (K53225395)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K53225395 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS ...

9.8 CVSS

8.8 AI Score

0.015 EPSS

2021-10-28 12:00 AM
40
osv

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in...

9.1 CVSS

9.4 AI Score

0.001 EPSS

2022-09-24 02:15 AM
2
nessus

F5 Networks BIG-IP HTTP/2 DoS (K000133467)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1. It is, therefore, affected by a vulnerability as referenced in the K000133467 advisory. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate when a client-side HTTP/2...

7.5 CVSS

7.7 AI Score

0.0005 EPSS

2023-10-13 12:00 AM
9
nessus

F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K94221585 advisory. In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery...

8.8 CVSS

8.8 AI Score

0.492 EPSS

2022-11-16 12:00 AM
60
nessus

F5 Networks BIG-IP : DNS profile vulnerability (K23454411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.0.2 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K23454411 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-05-05 12:00 AM
10
nessus

F5 Networks BIG-IP : libssh vulnerability (K000138682)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138682 advisory. A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...

6.5 CVSS

7.5 AI Score

0.002 EPSS

2024-02-23 12:00 AM
13
nessus

F5 Networks BIG-IP : GnuTLS vulnerabilities (K000138649)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000138649 advisory. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange ...

7.5 CVSS

7.6 AI Score

0.008 EPSS

2024-02-20 12:00 AM
10
nessus

F5 Networks BIG-IP : glibc vulnerability (K49921213)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K49921213 advisory. A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion...

7 CVSS

8.1 AI Score

0.001 EPSS

2023-11-02 12:00 AM
11
nessus

F5 Networks BIG-IP : LibTIFF vulnerability (K70117303)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K70117303 advisory. LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2,...

8.8 CVSS

8.8 AI Score

0.283 EPSS

2023-11-02 12:00 AM
9
nessus

F5 Networks BIG-IP : QEMU vulnerability (K41301038)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K41301038 advisory. QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked....

3.2 CVSS

5.6 AI Score

0.0005 EPSS

2023-11-02 12:00 AM
3
nessus

F5 Networks BIG-IP : MySQL vulnerability (K000134469)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134469 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported...

2.7 CVSS

2.9 AI Score

0.0005 EPSS

2023-11-02 12:00 AM
6
Total number of security vulnerabilities: 314658