CVE-2016-5235
https://notcve.org/view.php?id=CVE-2016-5235
A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. • https://support.f5.com/csp/article/K48572812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6615
https://notcve.org/view.php?id=CVE-2019-6615
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. • http://www.securityfocus.com/bid/108189 • https://support.f5.com/csp/article/K87659521
CVE-2018-5545
https://notcve.org/view.php?id=CVE-2018-5545
On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. • http://www.securityfocus.com/bid/105344 • https://support.f5.com/csp/article/K20226900 • CWE-20: Improper Input Validation
CVE-2018-5530
https://notcve.org/view.php?id=CVE-2018-5530
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". • http://www.securityfocus.com/bid/104908 • https://support.f5.com/csp/article/K45611803 • CWE-400: Uncontrolled Resource Consumption
CVE-2018-5537
https://notcve.org/view.php?id=CVE-2018-5537
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. • https://support.f5.com/csp/article/K94105051 • CWE-20: Improper Input Validation