F5 Networks, Inc. Security Vulnerabilities

nessus

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K83284425)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K83284425 advisory. In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before...

4.9 CVSS

5.9 AI Score

0.001 EPSS

2023-06-23 12:00 AM
6

nessus

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K34525368)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.3. It is, therefore, affected by a vulnerability as referenced in the K34525368 advisory. On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-06-23 12:00 AM
7

nessus

F5 Networks BIG-IP : BIG-IP APM OAuth vulnerability (K20717585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3. It is, therefore, affected by a vulnerability as referenced in the K20717585 advisory. On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2023-06-23 12:00 AM
6

nessus

F5 Networks BIG-IP : BIG-IP Virtual Edition vulnerability (K24572686)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8. It is, therefore, affected by a vulnerability as referenced in the K24572686 advisory. On BIG-IP Virtual Edition versions 15.1.x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-06-23 12:00 AM
3

nessus

F5 Networks BIG-IP : BIG-IP Packet Filters vulnerability (K31856317)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K31856317 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x...

5.8 AI Score

0.001 EPSS

2023-05-25 12:00 AM
14

nessus

F5 Networks BIG-IP : BIG-IP iQuery mesh vulnerability (K000132972)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132972 advisory. When DNS is provisioned, an authenticated remote command execution vulnerability exists in...

8.9 AI Score

0.001 EPSS

2023-05-18 12:00 AM
4

nessus

F5 Networks BIG-IP : BIG-IP UDP profile vulnerability (K20145107)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K20145107 advisory. When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual...

7.7 AI Score

0.001 EPSS

2023-05-12 12:00 AM
25

nessus

F5 Networks BIG-IP : BIG-IP CGNAT LSN vulnerability (K54082580)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K54082580 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-05-05 12:00 AM
25

nessus

F5 Networks BIG-IP : BIG-IP Stream profile vulnerability (K99123750)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K99123750 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, ...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-05-05 12:00 AM
12

nessus

F5 Networks BIG-IP : BIG-IP DNS resolver vulnerability (K85054496)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K85054496 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP...

5.9 CVSS

6.2 AI Score

0.001 EPSS

2022-05-05 12:00 AM
7

nessus

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K09121542)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.0.0. It is, therefore, affected by a vulnerability as referenced in the K09121542 advisory. On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation...

4.8 CVSS

5.1 AI Score

0.001 EPSS

2021-02-11 12:00 AM
32

osv

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

7.1 CVSS

7.1 AI Score

0.0004 EPSS

2024-05-14 08:13 PM
4

nessus

F5 Networks BIG-IP : BIG-IP HTTP profile vulnerability (K96924184)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K96924184 advisory. On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-07-22 12:00 AM
23

nessus

F5 Networks BIG-IP : BIG-IP MRF Diameter vulnerability (K82793463)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K82793463 advisory. On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-01-19 12:00 AM
16

vulnrichment

CVE-2024-5179 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

8.8 CVSS

7.7 AI Score

0.001 EPSS

2024-06-06 02:03 AM

osv

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

4.8 CVSS

5.2 AI Score

0.0004 EPSS

2024-03-29 08:16 PM
6

vulnrichment

CVE-2023-30306

An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.8 AI Score

EPSS

1976-01-01 12:00 AM

osv

CVE-2023-0583

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default...

4.3 CVSS

6.9 AI Score

0.001 EPSS

2023-06-03 02:15 AM
3

cve

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-22 09:15 AM
27

osv

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the...

6.5 CVSS

6.5 AI Score

0.003 EPSS

2022-07-15 06:15 PM
6

github

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

4.8 CVSS

7.1 AI Score

0.0004 EPSS

2024-03-29 08:16 PM
10

nessus

F5 Networks BIG-IP : Side-channel processor vulnerability (K35135935)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K35135935 advisory. Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an...

5.6 CVSS

5.4 AI Score

0.001 EPSS

2023-11-03 12:00 AM
3

nessus

F5 Networks BIG-IP : BIG-IP DHCPv6 vulnerability (K36228121)

An attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the Traffic Management Microkernel (TMM) process to produce a core file. (CVE-2019-6643) Impact This vulnerability may allow an attacker who can route...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2019-08-12 12:00 AM
9

cve

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

6.8 AI Score

0.001 EPSS

2024-05-29 05:16 AM
3

cvelist

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

8 AI Score

0.001 EPSS

2024-05-29 04:30 AM
1

vulnrichment

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

6.9 AI Score

0.001 EPSS

2024-05-29 04:30 AM
1

nessus

F5 Networks BIG-IP : GNU C Library vulnerability (K64119434)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K64119434 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives,...

7.5 CVSS

7.5 AI Score

0.005 EPSS

2022-09-20 12:00 AM
18

cvelist

CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-22 08:31 AM

nessus

F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K000133052)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000133052 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

7.5 CVSS

8.1 AI Score

0.034 EPSS

2023-06-23 12:00 AM
13

nessus

F5 Networks BIG-IP : Linux kernel vulnerability for (K52379673)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52379673 advisory. A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file...

7 CVSS

7.4 AI Score

0.0004 EPSS

2022-05-05 12:00 AM
57

vulnrichment

CVE-2024-1467 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...

4.3 CVSS

6.5 AI Score

0.001 EPSS

2024-05-09 08:03 PM
1

osv

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8 CVSS

8.8 AI Score

0.022 EPSS

2023-06-07 08:15 PM
5

nessus

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000135946)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135946 advisory. When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the...

7.5 CVSS

7.8 AI Score

0.0004 EPSS

2024-02-14 12:00 AM
8

nessus

F5 Networks BIG-IP : SSB Variant 4 vulnerability (K29146534)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K29146534 advisory. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the...

5.5 CVSS

6.8 AI Score

0.003 EPSS

2023-11-02 12:00 AM
3

nvd

CVE-2024-2793

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2 CVSS

6.4 AI Score

0.001 EPSS

2024-05-31 05:15 AM
1

cve

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...

7.1 AI Score

EPSS

2024-05-28 08:16 PM
21

cvelist

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.5 AI Score

EPSS

1976-01-01 12:00 AM
1

vulnrichment

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.8 AI Score

EPSS

1976-01-01 12:00 AM

cve

CVE-2023-30306

An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...

7 AI Score

EPSS

2024-05-28 08:16 PM
20

osv

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an...

4.3 CVSS

7 AI Score

0.001 EPSS

2023-06-03 02:15 AM
6

osv

Tendermint Core vulnerable to Uncontrolled Resource Consumption

Description Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies...

6.5 CVSS

0.5 AI Score

0.001 EPSS

2022-10-07 07:23 AM
8

veracode

Authentication Bypass

OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to an unauthenticated attacker being able to bypass authentication by spoofing their IP via the X-Forwarded-For header when the autologinLocal option is enabled, even if they are from networks not configured as...

7.1 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-15 05:34 AM
2

nessus

F5 Networks BIG-IP Edge Client for macOS Privilege Escalation (K000135040)

The version of F5 Networks BIG-IP installed on the remote macOS host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000135040 advisory. An insufficient verification of data may allow an attacker elevation of...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2023-10-13 12:00 AM
14

nessus

F5 Networks BIG-IP : BIG-IP APM virtual server vulnerability (K95503300)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.7 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K95503300 advisory. On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7,...

6.1 CVSS

6.7 AI Score

0.001 EPSS

2023-06-23 12:00 AM
8

nessus

F5 Networks BIG-IP : BIG-IP AFM virtual server vulnerability (K24358905)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K24358905 advisory. On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2022-01-19 12:00 AM
14

nessus

F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...

6.1 CVSS

6.4 AI Score

0.001 EPSS

2023-08-02 12:00 AM
6

nessus

F5 Networks BIG-IP : BIG-IP SIP ALG profile vulnerability (K51539421)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51539421 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-05-05 12:00 AM
7

nessus

F5 Networks BIG-IP : TMUI authenticated remote command execution vulnerability (K70031188)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K70031188 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

8.8 CVSS

9.4 AI Score

0.002 EPSS

2021-03-10 12:00 AM
15

nessus

F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000132726)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132726 advisory. Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of.....

6.5 AI Score

0.0005 EPSS

2023-05-12 12:00 AM
39

nessus

F5 Networks BIG-IP : BIG-IP Net HSM script vulnerability (K47662005)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K47662005 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when...

6.5 CVSS

6.8 AI Score

0.001 EPSS

2022-05-05 12:00 AM
11

Total number of security vulnerabilities: 315051