| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. |
| On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. |
| On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. |
| On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. |
| On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers. |
| On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. |
| On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. |
| ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. |
| Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. |
| Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. |
| NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. |
| An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. |
| An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. |
| An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. |
| An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. |
| The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. |
