94 matches found
K19784568: TMM vulnerability CVE-2016-5023
Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...
K48351130: Linux kernel vulnerability CVE-2019-16714
Security Advisory Description In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. CVE-2019-16714 Impact This vulnerability may allow attackers to obtain...
K98008862: OpenLDAP vulnerability CVE-2019-13565
Security Advisory Description An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any...
K11186236: Linux kernel KVM subsystem vulnerability CVE-2019-6974
Security Advisory Description In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free. CVE-2019-6974 Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,...
F5 Traffix SDC Cross-Site Template Injection Vulnerability
F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5 USA, Inc. F5 Traffix SDC is vulnerable to cross-site template injection, which can be exploited by attackers to execute language-specific commands in the template server context...
F5 Traffix SDC Cross-Site Scripting Vulnerability
The F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5, Inc. It is used to provide operators with total connectivity, unlimited scalability and total control. A cross-site scripting vulnerability exists in F5 Traffix SDC, which can be exploited by a...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in products from F5, including BIG-IP and Traffix SDC. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of...
CVE-2022-27880
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
CVE-2022-27662
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
CVE-2022-27880
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
Cross site scripting
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
Cross site scripting
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
CVE-2022-27880
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...
CVE-2022-27880
CVE-2022-27880 (F5 Traffix SDC) : A stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility. Affected versions are 5.2.x prior to 5.2.2 and 5.1.x prior to 5.1.35. An authenticated attacker can store malicious HTML/JavaScript that exec...
CVE-2022-27662
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
CVE-2022-27662
CVE-2022-27662 affects F5 Traffix SDC: stored Cross-Site Template Injection in the Traffix SDC Configuration utility. Affected versions are 5.2.x prior to 5.2.2 and 5.1.x prior to 5.1.35. The underlying issue enables an attacker to execute template language-specific instructions in the server con...
F5 Traffix SDC 安全漏洞
F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5 USA, Inc. F5 Traffix SDC is vulnerable to cross-site template injection, which can be exploited by attackers to execute language-specific commands in the template server context...
F5 Traffix SDC 跨站脚本漏洞
The F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5, Inc. It is used to provide operators with total connectivity, unlimited scalability and total control. A cross-site scripting vulnerability exists in F5 Traffix SDC, which can be exploited by a...
CVE-2022-27662
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context...
F5 Networks BIG-IP : Linux kernel vulnerability (K40523020)
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940...