CVSS: 6.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-23043
https://notcve.org/view.php?id=CVE-2021-23043
14 Sep 2021 — On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP, en todas las versiones 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de salto de directorio en una página no divulgada de ... • https://support.f5.com/csp/article/K63163637 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 55EXPL: 0CVE-2021-23041
https://notcve.org/view.php?id=CVE-2021-23041
14 Sep 2021 — On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anterio... • https://support.f5.com/csp/article/K42526507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-23049
https://notcve.org/view.php?id=CVE-2021-23049
14 Sep 2021 — On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.2 y versiones 15.1.x anteriores a 15.1.3, cuando es usado ... • https://support.f5.com/csp/article/K65397301 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-23048
https://notcve.org/view.php?id=CVE-2021-23048
14 Sep 2021 — On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anter... • https://support.f5.com/csp/article/K19012930 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 1CVE-2021-23007
https://notcve.org/view.php?id=CVE-2021-23007
31 Mar 2021 — On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 14.1.4 y 16.0.1.1, cuando el proceso Traffic Management Microkernel (TMM) maneja cierto tráfico no revelado, puede comenzar a eliminar todo el tráfico IP fragmentado. Nota: No se evalúan las versiones de softwa... • https://support.f5.com/csp/article/K37451543 •