Page 8 of 42 results (0.010 seconds)

CVSS: 4.4EPSS: 0%CPEs: 21EXPL: 0

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. Los componentes Edge Client en F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, y 14.x, BIG-IP Edge Gateway 10.x y 11.x y FirePass 7.0.0 permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. • http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html http://www.kb.cert.org/vuls/id/146430 http://www.securityfocus.com/bid/65422 https://support.f5.com/csp/article/K14969 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. The Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, y WOM 10.0.0 hasta la versión 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.4.1; y WebAccelerator 9.4.0 hasta la versión 9.4.8, 10.0.0 hasta la versión 10.2.4, and 11.0.0 hasta la versión 11.3.0 podría cambiar a una conexión TCP al estado ESTABLISHED antes de recibir el paquete ACK, lo que permite a atacantes remotos provocar una denegación de servicio (SIGFPE o error de aserción y reinicio TMM) a través de vectores no especificados. • http://secunia.com/advisories/55378 http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html http://www.securitytracker.com/id/1029220 https://exchange.xforce.ibmcloud.com/vulnerabilities/88166 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. Vulnerabilidad XSS en la política de accesos de la página de logout (logout.inc) en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.1.0 hasta v11.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de la cookie LastMRH_Session. • http://secunia.com/advisories/54941 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14712.html http://www.securityfocus.com/bid/62596 http://www.securitytracker.com/id/1029079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La política de acceso en la página de inicio de sesión (logon.inc) en F5 BIG-IP APM v11.1.0 hasta v11.2.1 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/54844 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html http://www.securitytracker.com/id/1029079 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos "cuando APM se aprovisiona," permite que atacantes remotos puedan subir y ejecutar fichero de su elección a través de .. (punto punto) en el parámetro nombre de fichero. • http://secunia.com/advisories/53477 http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •