CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2022-23023
https://notcve.org/view.php?id=CVE-2022-23023
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2.1, 15.1.x anteriores a 15.1.5, 14.1.x anteriores a 14.1.4.5, y todas las versiones de 13.1... • https://support.f5.com/csp/article/K11742742 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 11%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 59EXPL: 0CVE-2021-23026
https://notcve.org/view.php?id=CVE-2021-23026
14 Sep 2021 — BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4.2, versiones 13.1.x a... • https://support.f5.com/csp/article/K53854428 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 6%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •