Page 6 of 37 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 50EXPL: 0

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe en versiones de software de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1, de la 11.4.0 a la 11.5.4 y en la versión 11.2.1, en algunos casos, TMM podría cerrarse de manera inesperada cuando procesa tráfico TCP. • http://www.securityfocus.com/bid/101635 http://www.securitytracker.com/id/1039673 https://support.f5.com/csp/article/K13421245 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 111EXPL: 0

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe 11.5.1 HF6 hasta la versión 11.5.4 HF4, 11.6.0 hasta la versión 11.6.1 HF1 y 12.0.0 hasta la versión 12.1.2 solo en plataformas VIPRION, el script que sincroniza elementos de configuración SafeNet External Network HSM entre hojas en una implementación agrupada registrará la contraseña de partición HSM en texto en claro en el archivo de registro "/var/log/ltm". • http://www.securityfocus.com/bid/101543 http://www.securitytracker.com/id/1039638 https://support.f5.com/csp/article/K74759095 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.4EPSS: 0%CPEs: 136EXPL: 0

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en la página de cambio de nombre del dispositivo de la utilidad Configuration en BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM y WebSafe versión 12.0.0 hasta 12.1.2, versión 11.4.0 hasta 11.6.1, y versión 11.2.1, permite a un usuario autenticado inyectar un script web o HTML arbitrario. La explotación requiere administrador de recursos o permisos de administrador, y podría causar que el cliente de la utilidad Configuration se vuelva inestable. • http://www.securityfocus.com/bid/95320 http://www.securitytracker.com/id/1037559 http://www.securitytracker.com/id/1037560 https://support.f5.com/csp/article/K97285349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet. El Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM y WebSafe versión 11.6.0 y anteriores a 11.6.0 HF6, versión 11.5.0 y anteriores a 11.5.3 HF2 , y versión 11.3.0 y anteriores a 11.4.1 HF10, puede sufrir una fuga de memoria al manejar ciertos tipos de tráfico TCP. Los atacantes remotos pueden causar una denegación de servicio (DoS) a través de un paquete TCP manipulado. • http://www.securityfocus.com/bid/94353 http://www.securitytracker.com/id/1037274 https://support.f5.com/csp/#/article/K87416818 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 134EXPL: 0

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. En F5 BIG-IP 11.2.1, 11.4.0 a 11.6.1 y 12.0.0 a 12.1.2, un usuario no autenticado con acceso al panel de control puede ser capaz de borrar archivos arbitrarios a través de un mecanismo no revelado. • https://support.f5.com/csp/article/K55792317 • CWE-264: Permissions, Privileges, and Access Controls •