CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5928
https://notcve.org/view.php?id=CVE-2020-5928
26 Aug 2020 — In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. En las versiones 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1 y 11.6.1-11.6.5.1 , el token de protección de CSRF de la utilidad BIG-IP ASM Configuration puede ser reutilizada varias veces • https://support.f5.com/csp/article/K40843345 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-5914
https://notcve.org/view.php?id=CVE-2020-5914
26 Aug 2020 — In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances. En BIG-IP ASM versiones 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1 y 11.6.1 -11.6.5.1, un escenario de cookie de servidor no revelada puede causar que BD se reinicie bajo algunas circunstancias • https://support.f5.com/csp/article/K37466356 •
CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 0CVE-2020-5907
https://notcve.org/view.php?id=CVE-2020-5907
01 Jul 2020 — In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality. En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.3, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, un usuario autorizado proporcionado con acceso solo a TMOS Shell (tmsh) puede ser capaz de conducir lecturas y ... • https://support.f5.com/csp/article/K00091341 •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2020-5858
https://notcve.org/view.php?id=CVE-2020-5858
27 Mar 2020 — On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. En BIG-IP versiones 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5 y 11.5.2-11.6.5.1 y BIG-IQ versiones 7.0. 0, 6.0.0-6.1.0 y 5.2.0-5.4.0, los usuarios con roles ... • https://support.f5.com/csp/article/K36814487 •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2020-5860
https://notcve.org/view.php?id=CVE-2020-5860
27 Mar 2020 — On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). En BIG-IP versiones 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1 y 11.5.2-11.6.5.1 y BIG-IQ versiones 7.0. 0, 6.... • https://support.f5.com/csp/article/K67472032 • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2020-5857
https://notcve.org/view.php?id=CVE-2020-5857
27 Mar 2020 — On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. En BIG-IP versiones 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5 y 11.5.2-11.6.5.1, un comportamiento HTTP no revelado puede conllevar a una denegación de servicio. • https://support.f5.com/csp/article/K70275209 •
CVSS: 5.9EPSS: 0%CPEs: 45EXPL: 2CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
21 Feb 2020 — The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaci... • http://breachattack.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 84EXPL: 0CVE-2020-5854
https://notcve.org/view.php?id=CVE-2020-5854
06 Feb 2020 — On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. En BIG-IP versiones 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5 y 11.6.0-11.6.5.1, el tmm se bloquea en determinadas circunstancias cuando se usa el perfil connector si una secuencia específica de conexiones es realizada. • https://support.f5.com/csp/article/K50046200 •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2020-5852
https://notcve.org/view.php?id=CVE-2020-5852
14 Jan 2020 — Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. • https://support.f5.com/csp/article/K53590702 •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
08 Jan 2020 — An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •