Page 2 of 57 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una verificación insuficiente de la vulnerabilidad de los datos en BIG-IP Edge Client Installer en macOS que puede permitir que un atacante aumente sus privilegios durante el proceso de instalación. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000135040 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0

BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Los clientes BIG-IP APM pueden enviar tráfico IP fuera del túnel VPN. Nota: Las versiones de software que han llegado al Final del Soporte Técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000136909 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Los clientes BIG-IP APM pueden enviar tráfico IP fuera del túnel VPN. Nota: Las versiones de software que han llegado al Final del Soporte Técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000136907 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 95EXPL: 0

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en una página no revelada de la utilidad de configuración de BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: No se evalúan las versiones de software que han alcanzado el fin de soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000134535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •