CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45844 – BIG-IP monitors vulnerability
https://notcve.org/view.php?id=CVE-2024-45844
16 Oct 2024 — BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. La función de monitorización de BIG-IP puede permitir que un atacante eluda las restricciones de control de acceso, independientemente de la configuración de bloqueo de puertos. Nota: Las versiones de software que han alcanzado el fin del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000140061 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47139 – F5 BIG-IQ Vulnerability
https://notcve.org/view.php?id=CVE-2024-47139
16 Oct 2024 — A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en una página no revelada de la utilidad de configuración de BIG-IQ que permite a un atacante con el rol de administr... • https://my.f5.com/manage/s/article/K000141080 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21781
https://notcve.org/view.php?id=CVE-2024-21781
16 Sep 2024 — Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html • CWE-20: Improper Input Validation •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21829
https://notcve.org/view.php?id=CVE-2024-21829
16 Sep 2024 — Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html • CWE-20: Improper Input Validation •
CVSS: 8.7EPSS: 0%CPEs: 46EXPL: 0CVE-2023-43626
https://notcve.org/view.php?id=CVE-2023-43626
16 Sep 2024 — Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23599
https://notcve.org/view.php?id=CVE-2024-23599
16 Sep 2024 — Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7634 – NGINX Agent Vulnerability
https://notcve.org/view.php?id=CVE-2024-7634
22 Aug 2024 — NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. • https://my.f5.com/manage/s/article/K000140630 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7347 – NGINX MP4 module vulnerability
https://notcve.org/view.php?id=CVE-2024-7347
14 Aug 2024 — NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions w... • https://my.f5.com/manage/s/article/K000140529 • CWE-126: Buffer Over-read •
CVSS: 8.7EPSS: 1%CPEs: 2EXPL: 0CVE-2024-39792 – NGINX Plus MQTT vulnerability
https://notcve.org/view.php?id=CVE-2024-39792
14 Aug 2024 — When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000140108 • CWE-825: Expired Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37028 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-37028
14 Aug 2024 — BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000139938 • CWE-645: Overly Restrictive Account Lockout Mechanism •