F5 Networks, Inc. Security Vulnerabilities

osv
osv

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

Impact: OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-05-14 08:13 PM
5
osv
osv

CVE-2022-31153

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the...

6.5CVSS

6.5AI Score

0.003EPSS

2022-07-15 06:15 PM
6
nvd
nvd

CVE-2024-2793

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

7.2CVSS

6.4AI Score

0.001EPSS

2024-05-31 05:15 AM
1
cve
cve

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 05:15 AM
28
cvelist
cvelist

CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 04:29 AM
osv
osv

CVE-2023-0583

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default...

4.3CVSS

6.9AI Score

0.001EPSS

2023-06-03 02:15 AM
3
nessus
nessus

F5 Networks BIG-IP APM Guided Configuration Information Disclosure (K47756555)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.8. It is, therefore, affected by a vulnerability as referenced in the K47756555 advisory. When BIG-IP APM Guided Configuration is configured, undisclosed sensitive information may be logged in the...

4.4CVSS

5AI Score

0.0004EPSS

2023-10-13 12:00 AM
10
nessus
nessus

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000134535)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000134535 advisory. A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP...

5.4CVSS

5.5AI Score

0.0004EPSS

2023-08-02 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP TMM SSL vulnerability (K000133132)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K000133132 advisory. When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU...

5.3CVSS

5.8AI Score

0.0005EPSS

2023-06-23 12:00 AM
2
nessus
nessus

F5 Networks BIG-IP : BIG-IP FTP profile vulnerability (K82034427)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K82034427 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

5.3CVSS

5.7AI Score

0.001EPSS

2022-05-05 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K23605346)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K23605346 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

9.8CVSS

9.9AI Score

0.975EPSS

2022-05-05 12:00 AM
167
osv
osv

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8CVSS

8.8AI Score

0.022EPSS

2023-06-07 08:15 PM
6
nessus
nessus

Juniper Junos OS Vulnerability (JSA69503)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69503 advisory. An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally...

5.5CVSS

5.6AI Score

0.0004EPSS

2022-04-25 12:00 AM
29
osv
osv

Tendermint Core vulnerable to Uncontrolled Resource Consumption

Description: Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies...

6.5CVSS

0.5AI Score

0.001EPSS

2022-10-07 07:23 AM
9
vulnrichment
vulnrichment

CVE-2024-5862 User Enumeration in Mia Technology's Mia-Med Health Aplication

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: before...

7.5CVSS

7AI Score

0.001EPSS

2024-06-24 12:31 PM
1
cvelist
cvelist

CVE-2024-5862 User Enumeration in Mia Technology's Mia-Med Health Aplication

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: before...

7.5CVSS

0.001EPSS

2024-06-24 12:31 PM
3
nvd
nvd

CVE-2024-5862

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: before...

7.5CVSS

0.001EPSS

2024-06-24 01:15 PM
4
cve
cve

CVE-2024-5862

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation. This issue affects Mia-Med Health Aplication: before...

7.5CVSS

7.6AI Score

0.001EPSS

2024-06-24 01:15 PM
18
nessus
nessus

F5 Networks BIG-IP : BIG-IP HTTP/2 DoS (K000137106)

The version of F5 Networks BIG-IP installed on the remote host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000137106 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption)...

7.5CVSS

7.7AI Score

0.732EPSS

2023-10-13 12:00 AM
34
nessus
nessus

F5 Networks BIG-IP : BIG-IP Configuration utility RCE (K000135689)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0.3 / 16.1.4.1 / 15.1.10.2 / 14.1.5.6. It is, therefore, affected by a vulnerability as referenced in the K000135689 advisory. A directory traversal vulnerability exists in the BIG-IP Configuration utility that may...

9.9CVSS

9.6AI Score

0.002EPSS

2023-10-13 12:00 AM
22
nessus
nessus

F5 Networks BIG-IP : BIG-IP DNS profile vulnerability (K37708118)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K37708118 advisory. On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before...

7.5CVSS

7.8AI Score

0.001EPSS

2023-06-23 12:00 AM
12
nessus
nessus

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K08182564)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08182564 advisory. On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and.....

7.5CVSS

7.8AI Score

0.001EPSS

2023-06-23 12:00 AM
5
nessus
nessus

F5 Networks BIG-IP : BIG-IP HTTP profile vulnerability (K58550078)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K58550078 advisory. In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when...

5.9CVSS

6.2AI Score

0.001EPSS

2023-06-23 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K13325942)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K13325942 advisory. In all versions of BIG-IP, when running in Appliance mode, an authenticated user...

8.7CVSS

8.5AI Score

0.008EPSS

2022-11-16 12:00 AM
27
nessus
nessus

F5 Networks BIG-IP : BIG-IP RTSP profile vulnerability (K37155600)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K37155600 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x.....

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
15
nessus
nessus

F5 Networks BIG-IP : BIG-IP DNS resolver vulnerability (K03755971)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K03755971 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
8
ibm
ibm

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

Summary: Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2020-8562 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...

3.1CVSS

7AI Score

0.001EPSS

2024-06-28 09:05 PM
1
nessus
nessus

F5 Networks BIG-IQ iControl REST Arbitrary File Upload (K000132719)

The version of F5 Networks BIG-IQ Centralized Management installed on the remote host is affected by an arbitrary file upload vulnerability as referenced in the K000132719 advisory. An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ system can upload arbitrary files using an...

6.1AI Score

0.0005EPSS

2023-05-16 12:00 AM
9
nessus
nessus

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000132768)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132768 advisory. A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration.....

4.9AI Score

0.0005EPSS

2023-05-16 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP ICAP profile vulnerability (K16187341)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K16187341 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP IPsec ALG vulnerability (K06323049)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K06323049 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
15
nessus
nessus

F5 Networks BIG-IP : BIG-IP TMUI CSRF vulnerability (K49905324)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K49905324 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request...

4.3CVSS

5.2AI Score

0.001EPSS

2022-05-05 12:00 AM
12
nessus
nessus

F5 Networks BIG-IP : BIG-IP SIP ALG vulnerability (K44110411)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4 / 16.1.1. It is, therefore, affected by a vulnerability as referenced in the K44110411 advisory. On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all...

7.5CVSS

7.7AI Score

0.001EPSS

2022-01-19 12:00 AM
6
cnvd
cnvd

Code Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are Citrix products. A code injection vulnerability exists in Citrix NetScaler ADC and...

8.8CVSS

8.2AI Score

0.016EPSS

2024-02-22 12:00 AM
17
nessus
nessus

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000133474)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000133474 advisory. A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the...

7.5CVSS

6.1AI Score

0.0005EPSS

2023-08-02 12:00 AM
9
nessus
nessus

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K83284425)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K83284425 advisory. In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before...

4.9CVSS

5.9AI Score

0.001EPSS

2023-06-23 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K34525368)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.3. It is, therefore, affected by a vulnerability as referenced in the K34525368 advisory. On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all...

7.5CVSS

7.7AI Score

0.001EPSS

2023-06-23 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP APM OAuth vulnerability (K20717585)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3. It is, therefore, affected by a vulnerability as referenced in the K20717585 advisory. On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the...

7.5CVSS

7.8AI Score

0.001EPSS

2023-06-23 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP : BIG-IP Virtual Edition vulnerability (K24572686)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8. It is, therefore, affected by a vulnerability as referenced in the K24572686 advisory. On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to...

7.5CVSS

7.7AI Score

0.001EPSS

2023-06-23 12:00 AM
3
nessus
nessus

F5 Networks BIG-IP : BIG-IP Packet Filters vulnerability (K31856317)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K31856317 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x...

5.8AI Score

0.001EPSS

2023-05-25 12:00 AM
15
nessus
nessus

F5 Networks BIG-IP : BIG-IP iQuery mesh vulnerability (K000132972)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132972 advisory. When DNS is provisioned, an authenticated remote command execution vulnerability exists in...

8.9AI Score

0.001EPSS

2023-05-18 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : BIG-IP UDP profile vulnerability (K20145107)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K20145107 advisory. When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual...

7.7AI Score

0.001EPSS

2023-05-12 12:00 AM
25
nessus
nessus

F5 Networks BIG-IP : BIG-IP CGNAT LSN vulnerability (K54082580)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.0 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K54082580 advisory. On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
25
nessus
nessus

F5 Networks BIG-IP : BIG-IP Stream profile vulnerability (K99123750)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K99123750 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, ...

7.5CVSS

7.7AI Score

0.001EPSS

2022-05-05 12:00 AM
12
nessus
nessus

F5 Networks BIG-IP : BIG-IP DNS resolver vulnerability (K85054496)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K85054496 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP...

5.9CVSS

6.2AI Score

0.001EPSS

2022-05-05 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K09121542)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.0.0. It is, therefore, affected by a vulnerability as referenced in the K09121542 advisory. On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation...

4.8CVSS

5.1AI Score

0.001EPSS

2021-02-11 12:00 AM
32
nessus
nessus

F5 Networks BIG-IP : BIG-IP HTTP profile vulnerability (K96924184)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K96924184 advisory. On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed...

7.5CVSS

7.7AI Score

0.001EPSS

2022-07-22 12:00 AM
23
nessus
nessus

F5 Networks BIG-IP : BIG-IP MRF Diameter vulnerability (K82793463)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K82793463 advisory. On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all...

7.5CVSS

7.7AI Score

0.001EPSS

2022-01-19 12:00 AM
17
cve
cve

CVE-2024-3264

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before...

5.3CVSS

5.4AI Score

0.0005EPSS

2024-06-24 01:15 PM
19
cvelist
cvelist

CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before...

5.3CVSS

0.0005EPSS

2024-06-24 12:45 PM
3
Total number of security vulnerabilities: 314985