CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2023-27378 – BIG-IP TMUI XSS vulnerability
https://notcve.org/view.php?id=CVE-2023-27378
03 May 2023 — Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2023-24594 – BIG-IP TMM SSL vulnerability
https://notcve.org/view.php?id=CVE-2023-24594
03 May 2023 — When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133132 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
19 Oct 2022 — On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mi... • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
08 Jan 2020 — An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 78EXPL: 0CVE-2019-6633
https://notcve.org/view.php?id=CVE-2019-6633
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4, cuando el BIG-IP El sistema tiene licencia con el modo de dispositivo, las cuentas de usuario con roles de administrador y administrador de recursos pueden om... • http://www.securityfocus.com/bid/109113 •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2019-6631
https://notcve.org/view.php?id=CVE-2019-6631
03 Jul 2019 — On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. En BIG-IP 11.5.1-11.6.4, los iRules que realizan la manipulación del encabezado HTTP pueden causar una interrupción en el servicio cuando se procesa el tráfico manejado por un servidor virtual con un perfil HTTP asociado, en circunstancias espe... • http://www.securityfocus.com/bid/109119 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2019-6629
https://notcve.org/view.php?id=CVE-2019-6629
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane. En BIG-IP 14.1.0-14.1.0.5, el tráfico SSL no difundido a un servidor virtual configurado con un perfil SSL del Cliente puede hacer que TMM falle y se reinicie. El perfil SSL del cliente debe tene... • https://support.f5.com/csp/article/K95434410 •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6625
https://notcve.org/view.php?id=CVE-2019-6625
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, y 11.5.1-11.6.4, un Cross-Site reflejado Existe una vulnerabilidad de scripting (XSS) en una página no revelada de la Interfaz de usuario de gestión de trá... • https://support.f5.com/csp/article/K79902360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6615
https://notcve.org/view.php?id=CVE-2019-6615
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, los roles de Administrador y "Resource Administrator" podrían explotar el acceso TMSH saltandose las restricciones del "Appliance Mode" en sistemas BIG-IP. • http://www.securityfocus.com/bid/108189 •