F5 Networks, Inc. Security Vulnerabilities

F5 Networks BIG-IP : BIG-IP iQuery mesh vulnerability (K000132972)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132972 advisory. When DNS is provisioned, an authenticated remote command execution vulnerability exists in...

F5 Networks BIG-IP : BIG-IP UDP profile vulnerability (K20145107)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K20145107 advisory. When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual...

F5 Networks BIG-IP : BIG-IP Stream profile vulnerability (K99123750)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K99123750 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, ...

F5 Networks BIG-IP : BIG-IP CGNAT LSN vulnerability (K54082580)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K54082580 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and...

F5 Networks BIG-IP : BIG-IP DNS resolver vulnerability (K85054496)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K85054496 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP...

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K09121542)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.0.0. It is, therefore, affected by a vulnerability as referenced in the K09121542 advisory. On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation...

F5 Networks BIG-IP : GNU C Library vulnerability (K64119434)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K64119434 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives,...

F5 Networks BIG-IQ iControl REST Arbitrary File Upload (K000132719)

The version of F5 Networks BIG-IQ Centralized Management installed on the remote host is affected by an arbitrary file upload vulnerability as referenced in the K000132719 advisory. An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ system can upload arbitrary files using an...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000132768)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132768 advisory. A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration.....

F5 Networks BIG-IP : BIG-IP TMUI CSRF vulnerability (K49905324)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K49905324 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request...

F5 Networks BIG-IP : BIG-IP ICAP profile vulnerability (K16187341)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K16187341 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

F5 Networks BIG-IP : BIG-IP IPsec ALG vulnerability (K06323049)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K06323049 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x...

F5 Networks BIG-IP : BIG-IP SIP ALG vulnerability (K44110411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4 / 16.1.1. It is, therefore, affected by a vulnerability as referenced in the K44110411 advisory. On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all...

CVE-2024-1446

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

F5 Networks BIG-IP APM Guided Configuration Information Disclosure (K47756555)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.8. It is, therefore, affected by a vulnerability as referenced in the K47756555 advisory. When BIG-IP APM Guided Configuration is configured, undisclosed sensitive information may be logged in the...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000134535)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000134535 advisory. A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP...

F5 Networks BIG-IP : BIG-IP TMM SSL vulnerability (K000133132)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K000133132 advisory. When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU...

F5 Networks BIG-IP : BIG-IP FTP profile vulnerability (K82034427)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K82034427 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K23605346)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K23605346 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

F5 Networks BIG-IP : BIG-IP HTTP profile vulnerability (K96924184)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K96924184 advisory. On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed...

F5 Networks BIG-IP : BIG-IP MRF Diameter vulnerability (K82793463)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K82793463 advisory. On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all...

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K000133052)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000133052 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

F5 Networks BIG-IP : Linux kernel vulnerability for (K52379673)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52379673 advisory. A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file...

CVE-2023-52160

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2...

F5 Networks BIG-IP : Side-channel processor vulnerability (K35135935)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K35135935 advisory. Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an...

F5 Networks BIG-IP : BIG-IP DHCPv6 vulnerability (K36228121)

An attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the Traffic Management Microkernel (TMM) process to produce a core file. (CVE-2019-6643) Impact This vulnerability may allow an attacker who can route...

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000135946)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135946 advisory. When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the...

F5 Networks BIG-IP : SSB Variant 4 vulnerability (K29146534)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K29146534 advisory. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the...

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes....

Exploit for SQL Injection in Microsoft

nate158 https://t.me/Nate158digimon gcloud compute addresses...

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an...

Palo Alto Networks PAN-OS 10.2.x < 10.2.9-h1 / 11.0.x < 11.0.4-h1 / 11.1.x < 11.1.2-h3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.9-h1 or 11.0.x prior to 11.0.4-h1 or 11.1.x prior to 11.1.2-h3. It is, therefore, affected by a vulnerability. A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect...

F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...

F5 Networks BIG-IP : BIG-IP SIP ALG profile vulnerability (K51539421)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51539421 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x...

F5 Networks BIG-IP : TMUI authenticated remote command execution vulnerability (K70031188)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K70031188 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. ...

F5 Networks BIG-IP : BIG-IP HTTP/2 profile vulnerability (K56676554)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K56676554 advisory. On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in...

Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go

The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability. The vulnerability allowed an attacker to send arbitrary transactions onto target chains and trigger arbitrary state transitions, including but not limited to, theft of funds. It was...

F5 Networks BIG-IP : The BIG-IP system may fail to block HTTP Request Smuggling attacks (K000132430)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132430 advisory. The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to ...

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....

F5 Networks BIG-IP : Intel I210 network adapter vulnerability (K37283878)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K37283878 advisory. Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before...

F5 Networks BIG-IP : Intel I210 network adapter vulnerability (K31445234)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K31445234 advisory. Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before...

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000132726)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132726 advisory. Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of.....

F5 Networks BIG-IP : BIG-IP Net HSM script vulnerability (K47662005)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K47662005 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when...

F5 Networks BIG-IP : Advanced WAF/ASM buffer-overflow vulnerability (K52510511)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K52510511 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....