Page 46 of 304 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured with a virtual server using a PPTP profile is exposed to this vulnerability. Cuando BIG-IP versión 14.0.0- versión 14.1.0.1,versión 13.0.0-versión 13.1.1.4,versión 12.1.0-versión 12.1.4, versión 11.6.1-versión 11.6.3.4 y versión 11.5.2- versión 11.5.8 están procesando ciertas secuencias de datos raras ocurriendo en el tráfico PPTP VPN, el sistema BIG-IP puede ejecutar una lógica incorrecta. El TMM puede reiniciarse y generar un archivo principal como resultado de esta condición. • http://www.securityfocus.com/bid/108187 https://support.f5.com/csp/article/K47527163 •

CVSS: 8.6EPSS: 0%CPEs: 78EXPL: 0

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. • https://kb.isc.org/docs/cve-2018-5743 https://support.f5.com/csp/article/K74009656?utm_source=f5support&amp%3Butm_medium=RSS https://www.synology.com/security/advisory/Synology_SA_19_20 https://access.redhat.com/security/cve/CVE-2018-5743 https://bugzilla.redhat.com/show_bug.cgi?id=1702541 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.8EPSS: 0%CPEs: 351EXPL: 0

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. • https://support.f5.com/csp/article/K18535734 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.1EPSS: 0%CPEs: 52EXPL: 0

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. En BIG-IP, 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, bajo ciertas circunstancias, el demonio snmpd podría divulgar memoria en un invitado BIG-IP vCMP con varios blades al procesar peticiones SNMP autorizadas. • https://support.f5.com/csp/article/K12139752 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. En BIG-IP ASM, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3 y 14.0.0-14.0.0.2, hay una vulnerabilidad de Cross-Site Scripting (XSS) persistente en una violación ASM visualizada en la utilidad "Configuration". En el peor de los casos, un atacante puede almacenar un Cross-Site Request Forgery (CSRF), lo que conduce a la ejecución de código como el usuario administrador. • http://www.securityfocus.com/bid/107630 https://support.f5.com/csp/article/K14812883 • CWE-352: Cross-Site Request Forgery (CSRF) •