Category: CVSS3 - MEDIUM
CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component ...

Continue Reading

August 03, 2023

CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based b ...

Continue Reading

August 03, 2023

CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component ...

Continue Reading

August 03, 2023

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component t ...

Continue Reading

August 03, 2023

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Tec ...

Continue Reading

August 02, 2023

CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. ...

Continue Reading

August 02, 2023

CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user wi ...

Continue Reading

August 02, 2023

CVE-2023-36494

Audit logs on F5OS-A may contain undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Read More ...

Continue Reading

August 02, 2023

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Tec ...

Continue Reading

August 02, 2023

CVE-2023-4067

The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 ...

Continue Reading

August 02, 2023

Load more