25 matches found
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition in...
CVE-2019-6638
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.
CVE-2019-6641
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack.
CVE-2019-6657
On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.
CVE-2019-6634
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any ro...
CVE-2019-6662
On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
CVE-2020-5892
In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
CVE-2023-41964
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2019-6625
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.
CVE-2019-6600
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to ...
CVE-2018-15315
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page.
CVE-2019-6589
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
CVE-2018-15322
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause ...
CVE-2019-6604
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.
CVE-2023-3470
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information re...
CVE-2017-6158
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.
CVE-2015-6546
The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers ...
CVE-2018-15312
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.
CVE-2019-6617
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to o...
CVE-2018-5521
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.
CVE-2019-6614
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite ar...
CVE-2017-6156
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credenti...
CVE-2018-5515
On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.
CVE-2020-5915
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.