Search Results
Vuln ID | Summary | Published | CVSS Severity
---|---|---|---
CVE-2024-33612 | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:11 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-33608 | When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:10 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-33604 | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:10 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-32980 | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue. | May 08, 2024; 11:15:10 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-32761 | Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:10 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-32113 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | May 08, 2024; 11:15:10 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-32049 | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:09 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-31156 | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:09 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-28889 | When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:09 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-28883 | An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:09 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-28132 | An Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:09 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-27202 | A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-26579 | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0; attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-26026 | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25560 | When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25526 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25525 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25524 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25523 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)
CVE-2024-25522 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | May 08, 2024; 11:15:08 AM -0400 | V3.x: (not available) V2.0: (not available)