CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2021-23013
https://notcve.org/view.php?id=CVE-2021-23013
10 May 2021 — On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.0.x anteri... • https://support.f5.com/csp/article/K04234247 •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2021-23011
https://notcve.org/view.php?id=CVE-2021-23011
10 May 2021 — On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.0.x anteriores a 16.0.1.1, versiones 1... • https://support.f5.com/csp/article/K10751325 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 1CVE-2021-23007
https://notcve.org/view.php?id=CVE-2021-23007
31 Mar 2021 — On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 14.1.4 y 16.0.1.1, cuando el proceso Traffic Management Microkernel (TMM) maneja cierto tráfico no revelado, puede comenzar a eliminar todo el tráfico IP fragmentado. Nota: No se evalúan las versiones de softwa... • https://support.f5.com/csp/article/K37451543 •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22977
https://notcve.org/view.php?id=CVE-2021-22977
12 Feb 2021 — On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.0-16.0.1 y 14.1.2.4-14.1.3, una cooperación entre el código de cliente HTTP malicioso y un servidor malicioso puede hacer a TMM reinicie y genere un archivo core. Nota: No son evaluadas las versiones de software... • https://support.f5.com/csp/article/K14693346 •
CVSS: 8.3EPSS: 0%CPEs: 84EXPL: 0CVE-2021-22978
https://notcve.org/view.php?id=CVE-2021-22978
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1, versiones 15.1.x anteriores a 15.1.1, versiones 14... • https://support.f5.com/csp/article/K87502622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 70EXPL: 0CVE-2021-22979
https://notcve.org/view.php?id=CVE-2021-22979
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.... • https://support.f5.com/csp/article/K63497634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2021-22974
https://notcve.org/view.php?id=CVE-2021-22974
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP ve... • https://support.f5.com/csp/article/K68652018 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2021-22975
https://notcve.org/view.php?id=CVE-2021-22975
12 Feb 2021 — On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1 y versiones 14.1.x anteriores a 14.1.3.1, en algunas circunstancias, Traffic Management Microkern... • https://support.f5.com/csp/article/K21971977 •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2020-5939
https://notcve.org/view.php?id=CVE-2020-5939
05 Nov 2020 — In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic. En las versiones 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6 y 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE... • https://support.f5.com/csp/article/K75111593 •