Page 40 of 225 results (0.004 seconds)

CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. F5 BIG-IP versiones 15.0.0, 14.1.0 hasta 14.1.0.6, 14.0.0 hasta 14.0.0.5, 13.0.0 hasta 13.1.1.5, 12.1.0 hasta 12.1.4.1, 11.6.0 hasta 11.6.4 y 11.5.1 hasta 11.5.9 y Enterprise Manager versión 3.1.1, pueden exponer información confidencial y permitir que la configuración del sistema sea modificada cuando se usen configuraciones ConfigSync no predeterminadas. • https://support.f5.com/csp/article/K05123525 •

CVSS: 9.1EPSS: 2%CPEs: 81EXPL: 2

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. Las versiones de lodash inferiores a 4.17.12, son vulnerables a la Contaminación de Prototipo. La función defaultsDeep podría ser engañada para agregar o modificar las propiedades de Object.prototype usando una carga útil de constructor. A Prototype Pollution vulnerability was found in lodash. • https://github.com/ossf-cve-benchmark/CVE-2019-10744 https://access.redhat.com/errata/RHSA-2019:3024 https://security.netapp.com/advisory/ntap-20191004-0005 https://snyk.io/vuln/SNYK-JS-LODASH-450202 https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2019-10744 https://bugzilla.redhat.com/show_ • CWE-20: Improper Input Validation CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4 y 11.5.1-11.5 .8, SNMP expone objetos de configuración sensibles sobre canales de transmisión no seguros. Este problema se expone cuando una frase de contraseña se inserta en varios tipos de perfil y se accede mediante SNMPv2. • http://www.securityfocus.com/bid/109089 https://support.f5.com/csp/article/K40443301 https://support.f5.com/csp/article/K40443301?utm_source=f5support&amp%3Butm_medium=RSS • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.8EPSS: 0%CPEs: 12EXPL: 0

On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. En BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.1-11.5.8, las páginas TMUI no reveladas para AFM y PEM Subscriber management son vulnerables a un problema almacenado de scripts Cross-Site (XSS). Este es solo un problema del plano de control y no es accesible desde el plano de datos. • http://www.securityfocus.com/bid/109064 https://support.f5.com/csp/article/K61002104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. En BIG-IP 14.1.0-14.1.0.5 y 14.0.0-14.0.0.4, las solicitudes http mal formadas realizadas en un punto final REST de iControl no revelado pueden llevar a un bucle infinito del proceso de restjavad. • http://www.securityfocus.com/bid/109106 https://support.f5.com/csp/article/K67825238 https://support.f5.com/csp/article/K67825238?utm_source=f5support&amp%3Butm_medium=RSS • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •