Show filters
626 Total Results
Displaying 11-20 of 626
Sort by:
Attacker Value
Unknown
CVE-2024-21793
Disclosure Date: May 08, 2024 (last updated May 09, 2024)
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
3
Attacker Value
Unknown
CVE-2024-26026
Disclosure Date: May 08, 2024 (last updated May 09, 2024)
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
2
Attacker Value
Unknown
CVE-2020-5903
Disclosure Date: July 01, 2020 (last updated October 07, 2023)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
1
Attacker Value
Unknown
CVE-2021-23050
Disclosure Date: September 14, 2021 (last updated October 07, 2023)
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
1
Attacker Value
Unknown
CVE-2023-38138
Disclosure Date: August 02, 2023 (last updated October 08, 2023)
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
1
Attacker Value
Unknown
CVE-2012-1493
Disclosure Date: July 09, 2012 (last updated October 04, 2023)
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
1
Attacker Value
Unknown
CVE-2021-23016
Disclosure Date: May 10, 2021 (last updated October 07, 2023)
On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
1
Attacker Value
High
CVE-2023-5360
Disclosure Date: October 31, 2023 (last updated November 09, 2023)
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
2
Attacker Value
Very High
CVE-2022-31791
Disclosure Date: September 06, 2022 (last updated October 08, 2023)
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4.
3
Attacker Value
Unknown
Cisco Prime Infrastructure HA HealthMonitor TarArchive Directory Traversal Remo…
Disclosure Date: May 16, 2019 (last updated October 06, 2023)
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
0
