NotCVE - vendor:"F5" product:"Traffix Signaling Delivery Controller" version:"5.2.0"

3 results (0.004 seconds)

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-27880

https://notcve.org/view.php?id=CVE-2022-27880

05 May 2022 — On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 Traffix SDC versiones 5.2.x anteriores a 5.2.2 y en versiones 5.1.x anteriores a 5.1.35, Se presenta una vulnerabi... • https://support.f5.com/csp/article/K17341495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-27662

https://notcve.org/view.php?id=CVE-2022-27662

05 May 2022 — On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 Traffix SDC versiones 5.2.x anteriores a 5.2.2 y en las versiones 5.1.x anteriores a 5.1.35, Se pres... • https://support.f5.com/csp/article/K24248011 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2

CVE-2002-20001

https://notcve.org/view.php?id=CVE-2002-20001

11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •