CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22283 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22283
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K07143733 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 0%CPEs: 45EXPL: 2CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo "man-in-the-middle" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, también se conoce como ataque "BREACH", un problema diferente de CVE-2012-4929. • http://breachattack.com http://github.com/meldium/breach-mitigation-rails http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 http://slashdot.org/story/13/08/05/233216 http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf http://www.kb.cert.org/vuls/id/987798 https://bugzilla.redhat.com/show_bug.cgi?id=995168 https://hackerone.com/reports/254895 https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apach • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 https://support.f5.com/csp/article/K44942017 https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5529
https://notcve.org/view.php?id=CVE-2018-5529
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. El componente svpn del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7 para Linux y Mac OS X se ejecuta como proceso privilegiado y puede permitir que un usuario sin privilegios asuma privilegios de superusuario en el host del cliente local. Un usuario local malicioso no privilegiado podría obtener conocimientos de información sensible, manipular ciertos datos o interrumpir el servicio. • http://www.securityfocus.com/bid/104730 https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2018-5529.txt https://support.f5.com/csp/article/K52171282 •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2014-4024
https://notcve.org/view.php?id=CVE-2014-4024
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack. Los servidores virtuales SSL en sistemas F5 BIG-IP, en versiones 10.x anteriores a la 10.2.4 HF9, versiones 11.x anteriores a la 11.2.1 HF12, versiones 11.3.0 anteriores a la HF10, versiones 11.4.0 anteriores a la HF8, versiones 11.4.1 anteriores a la HF5, versiones 11.5.0 anteriores a la HF5 y versiones 11.5.1 anteriores a la HF5, al emplearse con tarjetas de aceleración SSL (Secure Sockets Layer) de terceros, podrían permitir que atacantes remotos provoquen un impacto sin especificar mediante un ataque de sincronización de canal lateral. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95834 https://support.f5.com/csp/article/K15500 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •