Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
user access manager vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local malicious user to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to script...
Cisco Anyconnect Secure Mobility Client
6.8
CVSSv2
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user ...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Access Policy Manager 16.0.0
F5 Big-ip Advanced Firewall Manager 16.0.0
F5 Big-ip Analytics 16.0.0
F5 Big-ip Application Acceleration Manager 16.0.0
F5 Big-ip Application Security Manager 16.0.0
F5 Big-ip Domain Name System 16.0.0
F5 Big-ip Fraud Protection Service 16.0.0
F5 Big-ip Global Traffic Manager 16.0.0
F5 Big-ip Link Controller 16.0.0
F5 Big-ip Local Traffic Manager 16.0.0
F5 Big-ip Policy Enforcement Manager 16.0.0
2.1
CVSSv2
CVE-2018-11055
RSA BSAFE Micro Edition Suite, versions before 4.0.11 (in 4.0.x) and before 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing th...
Dell Bsafe
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Analytics 12.1.1
Oracle Communications Ip Service Activator 7.3.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Core Rdbms 11.2.0.4
Oracle Core Rdbms 12.1.0.2
Oracle Core Rdbms 12.2.0.1
Oracle Core Rdbms 18c
Oracle Core Rdbms 19c
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Goldengate Application Adapters 12.3.2.1.0
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Real User Experience Insight 13.1.2.1
Oracle Real User Experience Insight 13.2.3.1
Oracle Real User Experience Insight 13.3.1.0
Oracle Retail Predictive Application Server 15.0.3
Oracle Retail Predictive Application Server 16.0.3.0
Oracle Security Service 11.1.1.9.0
Oracle Security Service 12.1.3.0.0
Oracle Security Service 12.2.1.3.0
6
CVSSv2
CVE-2022-27878
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions before 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an ...
F5 Big-ip Local Traffic Manager 13.1.0
F5 Big-ip Application Acceleration Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 13.1.0
F5 Big-ip Analytics 13.1.0
F5 Big-ip Access Policy Manager 13.1.0
F5 Big-ip Application Security Manager 13.1.0
F5 Big-ip Global Traffic Manager 13.1.0
F5 Big-ip Link Controller 13.1.0
F5 Big-ip Policy Enforcement Manager 13.1.0
F5 Big-ip Domain Name System 13.1.0
F5 Big-ip Access Policy Manager 14.1.0
F5 Big-ip Advanced Firewall Manager 14.1.0
F5 Big-ip Advanced Firewall Manager 15.1.0
F5 Big-ip Analytics 14.1.0
F5 Big-ip Application Acceleration Manager 14.1.0
F5 Big-ip Application Acceleration Manager 15.1.0
F5 Big-ip Application Security Manager 14.1.0
F5 Big-ip Domain Name System 14.1.0
F5 Big-ip Domain Name System 15.1.0
F5 Big-ip Fraud Protection Service 13.1.0
F5 Big-ip Fraud Protection Service 14.1.0
F5 Big-ip Fraud Protection Service 15.1.0
10
CVSSv2
CVE-2007-6330
Meridian Prolog Manager 2007, and 7.5 and previous versions, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote malicious users to obtain database access b...
Meridian Software Prolog Manager 7.0
Meridian Software Prolog Manager 7.5
Meridian Software Prolog Manager 2007
3.6
CVSSv2
CVE-2019-6633
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
3.5
CVSSv2
CVE-2018-5520
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Edge Gateway
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
F5 Big-ip Domain Name System
6.4
CVSSv2
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Xmlsoft Libxml2 2.9.10
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
Netapp Snapdrive -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager
Netapp Manageability Software Development Kit -
Netapp Inventory Collect Tool -
Netapp Hci H410c Firmware -
Oracle Http Server 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Mysql Workbench
Oracle Real User Experience Insight 13.4.1.0
4.3
CVSSv2
CVE-2019-6625
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
4.3
CVSSv2
CVE-2021-3537
A vulnerability found in libxml2 in versions prior to 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applic...
Xmlsoft Libxml2
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Snapdrive -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Hci H410c Firmware -
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Openjdk 8
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Mysql Workbench
Oracle Real User Experience Insight 13.4.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »