CVSS: 7.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Sep 2021 — On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K44553214 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

14 Sep 2021 — On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K36942191 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Sep 2021 — On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K32734107 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

14 Sep 2021 — On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K01153535 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Jun 2021 — On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K08503505 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2021 — On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://support.f5.com/csp/article/K33757590 • CWE-427: Uncontrolled Search Path Element

CVSS: 9.0 • EPSS: 2% • CPEs: 3 • EXPL: 2

10 Jun 2021 — On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://packetstorm.news/files/id/163264

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

06 Jun 2021 — NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. • http://nginx.org/en/CHANGES • CWE-190: Integer Overflow or Wraparound

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2021 — The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. • https://support.f5.com/csp/article/K36926027 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2021 — The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. • https://support.f5.com/csp/article/K45263486 • CWE-330: Use of Insufficiently Random Values