CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5235
https://notcve.org/view.php?id=CVE-2016-5235
01 Jul 2019 — A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. Una vulnerabilidad Cross-Site Scripting (XSS) en las versiones de F5 WebSafe Dashboard 3.9.x y anteriores, también conocido como F5 WebSafe Alert Server, permite a un usuario no autenticado inyectar HTML mediante una alerta manipulada. • https://support.f5.com/csp/article/K48572812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6615
https://notcve.org/view.php?id=CVE-2019-6615
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, los roles de Administrador y "Resource Administrator" podrían explotar el acceso TMSH saltandose las restricciones del "Appliance Mode" en sistemas BIG-IP. • http://www.securityfocus.com/bid/108189 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5545
https://notcve.org/view.php?id=CVE-2018-5545
13 Sep 2018 — On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. En F5 WebSafe Alert Server 1.0.0-4.2.6, un usuario autenticado malicioso puede ejecutar código en el servidor de alerta mediante el uso de una carga útil maliciosamente manipulada. • http://www.securityfocus.com/bid/105344 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-5530
https://notcve.org/view.php?id=CVE-2018-5530
25 Jul 2018 — F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". Los servidores virtuales F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5 o 11.6.0-11.6.3.1 con perfiles HTTP/2 habilitados son vulnerables a "HPACK Bomb". • http://www.securityfocus.com/bid/104908 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 40EXPL: 0CVE-2018-5537
https://notcve.org/view.php?id=CVE-2018-5537
25 Jul 2018 — A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. Un atacante remoto podría ser capaz de interrumpir los servicios en F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6 si el servidor virtual TMM está configurado con un perfil HTML o Rewrite. ... • https://support.f5.com/csp/article/K94105051 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2018-5527
https://notcve.org/view.php?id=CVE-2018-5527
27 Jun 2018 — On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. En BIG-IP 13.1.0-13.1.0.7, un atacante remoto que emplea métodos no revelados contra servidores virt... • http://www.securitytracker.com/id/1041196 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5513
https://notcve.org/view.php?id=CVE-2018-5513
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a ... • http://www.securitytracker.com/id/1041017 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5521
https://notcve.org/view.php?id=CVE-2018-5521
01 Jun 2018 — On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. En F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1, las URL cuidadosamente manipuladas pueden emplearse para reflejar contenido arbitrario en las respuestas de búsqueda GeoIP, exponiendo potencialmente a los clientes a Cross-Site Scripting (XSS). • http://www.securitytracker.com/id/1041021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5522
https://notcve.org/view.php?id=CVE-2018-5522
01 Jun 2018 — On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. En F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1, al procesar transacciones DIAMETER con pares de atributos de valores de transacciones, TMM podría cerrarse inesperadamente. • http://www.securityfocus.com/bid/104384 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5517
https://notcve.org/view.php?id=CVE-2018-5517
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. En F5 BIG-IP 13.1.0-13.1.0.5, los paquetes TCP mal formados enviados a una dirección IP propia o a un servidor virtual FastL4 podrían provocar una interrupción en el servicio. El plano de control no se ha visto expuesto a este problema. • http://www.securitytracker.com/id/1040805 • CWE-20: Improper Input Validation •