CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27202 – BIG-IP TMUI XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-27202
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cross site scripting (XSS) basada en DOM en una página no revelada de la utilidad de configuración BIG-IP que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25560 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2024-25560
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se otorga licencia y aprovisionamiento de BIG-IP AFM, el tráfico DNS no divulgado puede provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000139037 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33608 – BIG-IP IPsec vulnerability
https://notcve.org/view.php?id=CVE-2024-33608
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se configura IPsec en un servidor virtual, el tráfico no divulgado puede provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138728 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28883 – BIG-IP APM browser network access VPN client vulnerability
https://notcve.org/view.php?id=CVE-2024-28883
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de origen en el cliente VPN de acceso a la red del navegador BIG-IP APM para Windows, macOS y Linux que puede permitir a un atacante eludir la inspección del endpoint F5. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138744 • CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24990 – NGINX HTTP/3 QUIC vulnerability
https://notcve.org/view.php?id=CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Cuando NGINX Plus o NGINX OSS están configurados para usar el módulo HTTP/3 QUIC, las solicitudes no divulgadas pueden hacer que los procesos de trabajo de NGINX finalicen. Nota: El módulo HTTP/3 QUIC no está habilitado de forma predeterminada y se considera experimental. Para obtener más información, consulte Compatibilidad con QUIC y HTTP/3 https://nginx.org/en/docs/quic.html. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • http://www.openwall.com/lists/oss-security/2024/05/30/4 https://my.f5.com/manage/s/article/K000138445 • CWE-416: Use After Free •