F5 Networks, Inc. Security Vulnerabilities

nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K16162257)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K16162257 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
20
vulnrichment

CVE-2023-30306

An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.8 AI Score

EPSS

1976-01-01 12:00 AM
1
cve

CVE-2023-30306

An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...

7 AI Score

EPSS

2024-05-28 08:16 PM
20
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...

7.7 AI Score

2024-04-17 12:00 AM
45
nessus

F5 Networks BIG-IP : Intel processors vulnerability (K29100014)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K29100014 advisory. Improper conditions check in multiple Intel Processors may allow an authenticated user to potentially enable...

5.3 CVSS

5.7 AI Score

0.0005 EPSS

2023-11-03 12:00 AM
6
nessus

F5 Networks BIG-IP : Intel CPU vulnerability (K82356391)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K82356391 advisory. Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

6.7 CVSS

7 AI Score

0.0004 EPSS

2023-11-03 12:00 AM
7
nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K78131906)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K78131906 advisory. A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of...

5.9 CVSS

7.8 AI Score

0.011 EPSS

2023-11-03 12:00 AM
13
nessus

F5 Networks BIG-IP : RetBleed CPU vulnerability (K83713003)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K83713003 advisory. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their ...

6.5 CVSS

7.3 AI Score

0.001 EPSS

2022-08-02 12:00 AM
38
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K87351324)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K87351324 advisory. Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user...

6.7 CVSS

6.5 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
31
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K32380005)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32380005 advisory. The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability,...

5.3 CVSS

6 AI Score

0.002 EPSS

2021-10-28 12:00 AM
61
cvelist

CVE-2024-4362 SiteOrigin Widgets Bundle <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4 CVSS

5.9 AI Score

0.001 EPSS

2024-05-22 08:31 AM
cve

CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in....

10 CVSS

7.2 AI Score

0.001 EPSS

2024-06-27 09:15 PM
21
cve

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

6.8 AI Score

0.001 EPSS

2024-05-29 05:16 AM
3
vulnrichment

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

6.9 AI Score

0.001 EPSS

2024-05-29 04:30 AM
1
cvelist

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

8.1 CVSS

8 AI Score

0.001 EPSS

2024-05-29 04:30 AM
2
nessus

F5 Networks BIG-IP : procps-ng vulnerability (K00409335)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K00409335 advisory. procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME...

7.3 CVSS

8.6 AI Score

0.0004 EPSS

2023-11-02 12:00 AM
7
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K01043241)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K01043241 advisory. net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability...

7.8 CVSS

7.1 AI Score

0.0004 EPSS

2023-11-02 12:00 AM
11
nessus

F5 Networks BIG-IP : AMD processors vulnerability (K43357358)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K43357358 advisory. A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-07-13 12:00 AM
20
nessus

F5 Networks BIG-IP : Eclipse Jetty vulnerabilities (K10002140)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K10002140 advisory. In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default ...

9.8 CVSS

9.8 AI Score

0.012 EPSS

2022-04-05 12:00 AM
42
nessus

F5 Networks BIG-IP : Apache Tomcat vulnerability (K32469285)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32469285 advisory. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP ...

5.3 CVSS

6.3 AI Score

0.123 EPSS

2021-10-28 12:00 AM
23
nessus

F5 Networks BIG-IP : Intel processor vulnerabilities (K41043270)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K41043270 advisory. Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an ...

6.5 CVSS

7 AI Score

0.0005 EPSS

2021-10-28 12:00 AM
13
nessus

VMware vCenter Detect

VMware vCenter is running on the remote host. It is an enterprise-grade computer virtualization product from VMware,...

1.9 AI Score

2012-11-27 12:00 AM
18
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...

7.3 AI Score

2024-04-17 12:00 AM
72
nessus

F5 Networks BIG-IP : Apache Tomcat vulnerability (K000138178)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138178 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...

5.3 CVSS

6.7 AI Score

0.01 EPSS

2024-01-17 12:00 AM
18
nessus

F5 Networks BIG-IP : Apache Struts vulnerabilities (K35226442)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K35226442 advisory. An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when ...

9.8 CVSS

9.3 AI Score

0.953 EPSS

2023-11-03 12:00 AM
31
nessus

F5 Networks BIG-IP : Apache Tomcat vulnerability (K24551552)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K24551552 advisory. When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was...

7.5 CVSS

7.8 AI Score

0.004 EPSS

2023-11-03 12:00 AM
17
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K07721343)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K07721343 advisory. A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2023-11-02 12:00 AM
4
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K000137202)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137202 advisory. Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

6.1 CVSS

4.4 AI Score

0.0004 EPSS

2023-10-11 12:00 AM
6
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K000130240)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000130240 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

6.8 AI Score

0.0004 EPSS

2023-06-02 12:00 AM
12
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K04303225)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04303225 advisory. Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
27
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K14454359)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K14454359 advisory. Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
39
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K84900646)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K84900646 advisory. A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can...

5.5 CVSS

6.3 AI Score

0.0004 EPSS

2021-10-28 12:00 AM
22
nessus

F5 Networks BIG-IP : Java SE vulnerability (K85742355)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K85742355 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that...

3.7 CVSS

5.2 AI Score

0.001 EPSS

2023-11-03 12:00 AM
20
nessus

F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code ...

9.8 CVSS

10 AI Score

0.973 EPSS

2023-11-03 12:00 AM
34
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K13213573)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K13213573 advisory. Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-11-02 12:00 AM
12
nessus

F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key...

5.9 CVSS

5.7 AI Score

0.003 EPSS

2023-11-02 12:00 AM
4
nessus

F5 Networks BIG-IP : Rowhammer hardware vulnerability (K60570139)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K60570139 advisory. Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal ...

9 CVSS

9 AI Score

0.002 EPSS

2023-11-02 12:00 AM
2
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K40540405)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K40540405 advisory. The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-11-02 12:00 AM
5
nessus

F5 Networks BIG-IP : procps-ng vulnerability (K16124204)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K16124204 advisory. procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in...

7.8 CVSS

9.3 AI Score

0.0005 EPSS

2023-11-02 12:00 AM
4
nessus

F5 Networks BIG-IP : Linux kernel vulnerability (K15412203)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K15412203 advisory. The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through ...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2023-11-02 12:00 AM
8
nessus

F5 Networks BIG-IP : Intel processor vulnerability (K000133630)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000133630 advisory. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to ...

8.2 CVSS

6.8 AI Score

0.0004 EPSS

2023-10-12 12:00 AM
9
nessus

F5 Networks BIG-IP : Python urllib.parse vulnerability (K000135921)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135921 advisory. An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by...

7.5 CVSS

8.1 AI Score

0.001 EPSS

2023-08-21 12:00 AM
28
nessus

F5 Networks BIG-IP : Apache Tomcat vulnerability (K000135262)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135262 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...

7.5 CVSS

7.4 AI Score

0.034 EPSS

2023-06-29 12:00 AM
14
nessus

F5 Networks BIG-IP : Intel Processor vulnerability (K11601010)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K11601010 advisory. Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable...

5.5 CVSS

5.3 AI Score

0.0004 EPSS

2022-10-25 12:00 AM
11
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K53252134)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K53252134 advisory. Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2022-07-21 12:00 AM
16
nessus

F5 Networks BIG-IP : Intel processors vulnerability (K14335949)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K14335949 advisory. Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2022-07-13 12:00 AM
14
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K55051330)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K55051330 advisory. Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-06-22 12:00 AM
25
nessus

Juniper Junos OS Evolved DoS (JSA69505)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69505 advisory. An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008...

7.5 CVSS

7.7 AI Score

0.001 EPSS

2022-04-25 12:00 AM
18
vulnrichment

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2024-06-04 06:37 PM
osv

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4 CVSS

6.2 AI Score

0.001 EPSS

2023-01-02 11:15 AM
6

Total number of security vulnerabilities: 315004