CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2022-23023
https://notcve.org/view.php?id=CVE-2022-23023
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2.1, 15.1.x anteriores a 15.1.5, 14.1.x anteriores a 14.1.4.5, y todas las versiones de 13.1... • https://support.f5.com/csp/article/K11742742 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2022-23026
https://notcve.org/view.php?id=CVE-2022-23026
25 Jan 2022 — On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP ASM & Advanced WAF versión 16.1.x anteriores a 16.1.2, 15.1.x anteriores a 15.1.4.1, 14.1.x anter... • https://support.f5.com/csp/article/K08402414 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2022-23017
https://notcve.org/view.php?id=CVE-2022-23017
25 Jan 2022 — On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1... • https://support.f5.com/csp/article/K28042514 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-23012
https://notcve.org/view.php?id=CVE-2022-23012
25 Jan 2022 — On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 15.1.x anteriores a 15.1.4.1 y 14.1.x anteriores a 14.1.4.5, cuando es configurado el perfil HTTP/2 en un servidor virtual, las peticiones no reveladas pueden causar una terminación d... • https://support.f5.com/csp/article/K26310765 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-23016
https://notcve.org/view.php?id=CVE-2022-23016
25 Jan 2022 — On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.1.x antes de 16.1.2 y 15.1.x antes de 15.1.4.1, cuando BIG-IP SSL Forward Proxy con TLS versión 1.3 está configurado en un servidor virtual, las peticiones no reveladas pued... • https://support.f5.com/csp/article/K91013510 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2022-23015
https://notcve.org/view.php?id=CVE-2022-23015
25 Jan 2022 — On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1 y 14.1.2.6-14.1... • https://support.f5.com/csp/article/K08476614 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2022-23011
https://notcve.org/view.php?id=CVE-2022-23011
25 Jan 2022 — On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En determinadas plataformas de hardware BIG-IP, en la versión 15.1.x anteriores a 15.1.4 y 14.1.x anteriores a 14.1.3, los servidores virtuales pueden dejar de responder mientras procesan el tráfico TCP ... • https://support.f5.com/csp/article/K68755210 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2022-23010
https://notcve.org/view.php?id=CVE-2022-23010
25 Jan 2022 — On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4 y todas las versiones de ... • https://support.f5.com/csp/article/K34360320 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 59EXPL: 0CVE-2021-23026
https://notcve.org/view.php?id=CVE-2021-23026
14 Sep 2021 — BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4.2, versiones 13.1.x a... • https://support.f5.com/csp/article/K53854428 • CWE-352: Cross-Site Request Forgery (CSRF) •