Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32761
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an a...
NA
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: prior to 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
NA
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
NA
CVE-2024-25525
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
NA
CVE-2024-25560
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NA
CVE-2024-28883
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an malicious user to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not ...
NA
CVE-2024-26579
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 up to and including 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], ...
NA
CVE-2024-28889
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions w...
NA
CVE-2024-27202
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technica...
NA
CVE-2024-28132
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »