Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363821 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27736 | 1 Siemens | 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory. | ||||
| CVE-2020-27735 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. | ||||
| CVE-2020-27733 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | ||||
| CVE-2020-27730 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2024-11-21 | 9.8 Critical |
| In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | ||||
| CVE-2020-27729 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.1 Medium |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. | ||||
| CVE-2020-27728 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 7.5 High |
| On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices. | ||||
| CVE-2020-27727 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.9 Medium |
| On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. | ||||
| CVE-2020-27726 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.1 Medium |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | ||||
| CVE-2020-27725 | 1 F5 | 3 Big-ip Domain Name System, Big-ip Global Traffic Manager, Big-ip Link Controller | 2024-11-21 | 4.3 Medium |
| In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. | ||||
| CVE-2020-27724 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 Medium |
| In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. | ||||
| CVE-2020-27723 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 7.5 High |
| In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process. | ||||
| CVE-2020-27722 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 Medium |
| In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. | ||||
| CVE-2020-27721 | 1 F5 | 2 Big-ip Domain Name System, Big-ip Global Traffic Manager | 2024-11-21 | 7.5 High |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. | ||||
| CVE-2020-27720 | 1 F5 | 2 Big-ip Carrier-grade Nat, Big-ip Local Traffic Manager | 2024-11-21 | 7.5 High |
| On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart. | ||||
| CVE-2020-27719 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.1 Medium |
| On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | ||||
| CVE-2020-27718 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 7.5 High |
| When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. | ||||
| CVE-2020-27717 | 1 F5 | 1 Big-ip Domain Name System | 2024-11-21 | 7.5 High |
| On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file. | ||||
| CVE-2020-27716 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 7.5 High |
| On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. | ||||
| CVE-2020-27715 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 7.5 High |
| On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon. | ||||
| CVE-2020-27714 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | 7.5 High |
| On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic. | ||||