Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web security appliance vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36359
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP Inspection component. The issue ...
NA
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious user to cause the device to reload unexpectedly, resulting in a denial of ...
Cisco Adaptive Security Appliance Software 9.16.1
Cisco Adaptive Security Appliance Software 9.8.2
Cisco Adaptive Security Appliance Software 9.8.3.18
Cisco Adaptive Security Appliance Software 9.8.3.26
Cisco Adaptive Security Appliance Software 9.12.2
Cisco Adaptive Security Appliance Software 9.8.2.24
Cisco Adaptive Security Appliance Software 9.8.3.16
Cisco Adaptive Security Appliance Software 9.8.4.29
Cisco Adaptive Security Appliance Software 9.12.2.5
Cisco Adaptive Security Appliance Software 9.12.4.4
Cisco Adaptive Security Appliance Software 9.8.2.20
Cisco Adaptive Security Appliance Software 9.8.4
Cisco Adaptive Security Appliance Software 9.8.4.26
Cisco Adaptive Security Appliance Software 9.14.1.30
Cisco Adaptive Security Appliance Software 9.14.1.15
Cisco Adaptive Security Appliance Software 9.8.2.26
Cisco Adaptive Security Appliance Software 9.8.2.28
Cisco Adaptive Security Appliance Software 9.8.2.33
Cisco Adaptive Security Appliance Software 9.8.2.35
Cisco Adaptive Security Appliance Software 9.8.2.38
Cisco Adaptive Security Appliance Software 9.8.4.8
Cisco Adaptive Security Appliance Software 9.8.4.10
1 Github repository
3 Articles
NA
CVE-2024-20277
A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote malicious user to perform a command injection and elevate privileges to root. This vulnerability is due to insuf...
Cisco Thousandeyes Enterprise Agent
NA
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 9.1
Ivanti Policy Secure 22.2
Ivanti Policy Secure 22.1
Ivanti Policy Secure 9.1
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.6
Ivanti Policy Secure 22.3
Ivanti Policy Secure 22.6
Ivanti Policy Secure 22.5
Ivanti Policy Secure 22.4
Ivanti Connect Secure 9.0
Ivanti Policy Secure 9.0
2 Metasploit modules
14 Github repositories
11 Articles
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
35 Github repositories
2 Articles
NA
CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated malicious user to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-20215
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote malicious user to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper...
Cisco Asyncos 11.7.0-406
Cisco Asyncos 11.7.0-418
Cisco Asyncos 11.7.1-006
Cisco Asyncos 11.7.1-020
Cisco Asyncos 11.7.1-049
Cisco Asyncos 11.7.2-011
Cisco Asyncos 11.8.0-414
Cisco Asyncos 11.8.1-023
Cisco Asyncos 11.8.3-018
Cisco Asyncos 11.8.3-021
Cisco Asyncos 12.0.1-268
Cisco Asyncos 12.0.3-007
Cisco Asyncos 12.5.1-011
Cisco Asyncos 12.5.2-007
Cisco Asyncos 12.5.4-005
Cisco Asyncos 12.5.5-004
Cisco Asyncos 14.0.2-012
Cisco Asyncos 14.0.3-014
Cisco Asyncos 14.0.4-005
Cisco Asyncos 14.5.0-498
Cisco Asyncos 14.5.1-008
Cisco Asyncos 14.5.1-016
NA
CVE-2023-20028
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA),...
Cisco Secure Email Gateway 14.0.1-053
Cisco Web Security Appliance 14.0.1-053
Cisco Secure Email And Web Manager 14.0.1-053
Cisco Secure Email And Web Manager 15.0.0-256
Cisco Secure Email Gateway 15.0.0-256
Cisco Web Security Appliance 15.0.0-256
Cisco Secure Email And Web Manager 14.0.1-033
Cisco Secure Email Gateway 14.0.1-033
Cisco Web Security Appliance 14.0.1-033
Cisco Secure Email And Web Manager 14.0.0-418
Cisco Secure Email Gateway 14.0.0-418
Cisco Web Security Appliance 14.0.0-418
Cisco Secure Email And Web Manager 15.0.0-050
Cisco Secure Email Gateway 15.0.0-050
Cisco Web Security Appliance 15.0.0-050
NA
CVE-2023-20119
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) atta...
Cisco Secure Email Gateway 14.0.1-053
Cisco Web Security Appliance 14.0.1-053
Cisco Secure Email And Web Manager 14.0.1-053
Cisco Secure Email And Web Manager 15.0.0-256
Cisco Secure Email Gateway 15.0.0-256
Cisco Web Security Appliance 15.0.0-256
Cisco Secure Email And Web Manager 14.0.1-033
Cisco Secure Email Gateway 14.0.1-033
Cisco Web Security Appliance 14.0.1-033
Cisco Secure Email And Web Manager 14.0.0-418
Cisco Secure Email Gateway 14.0.0-418
Cisco Web Security Appliance 14.0.0-418
Cisco Secure Email And Web Manager 15.0.0-050
Cisco Secure Email Gateway 15.0.0-050
Cisco Web Security Appliance 15.0.0-050
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »