CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2023-43611 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-43611
10 Oct 2023 — The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated El instalador del cliente BIG-IP Edge en macOS no sigue las mejores prácticas para elevar los privilegios durante el proceso de instalación. Esta vulnerabilidad se debe a una solución incompleta para CVE-2023-38418. Nota:... • https://my.f5.com/manage/s/article/K000136185 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5450 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-5450
10 Oct 2023 — An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una verificación insuficiente de la vulnerabilidad de los datos en BIG-IP Edge Client Installer en macOS que puede permitir que un atacante aumente sus privilegios durante el proceso de instalación. Nota: Las versiones de softwa... • https://my.f5.com/manage/s/article/K000135040 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-24461 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-24461
03 May 2023 — An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not eva... • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2023-22372 – BIG-IP Edge Client for Windows and Mac OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22372
03 May 2023 — In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22358 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22358
01 Feb 2023 — In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K76964818 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22283 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22283
01 Feb 2023 — On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K07143733 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 14%CPEs: 45EXPL: 2CVE-2013-3587
https://notcve.org/view.php?id=CVE-2013-3587
21 Feb 2020 — The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. El protocolo HTTPS, como es usado en aplicaci... • http://breachattack.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
08 Jan 2020 — An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6608
https://notcve.org/view.php?id=CVE-2019-6608
28 Mar 2019 — On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. En BIG-IP, 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, bajo ciertas circunstancias, el demonio snmpd podría divulgar memoria en un invitado BIG-IP vCMP con varios blades al procesar peticiones SNMP autorizadas. • https://support.f5.com/csp/article/K12139752 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6604
https://notcve.org/view.php?id=CVE-2019-6604
28 Mar 2019 — On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. En BIG-IP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, en determinadas circunstancias, los sistemas de hardware con un puente de velocidad alta que utilizan configuraciones de reenvío de la ca... • https://support.f5.com/csp/article/K26455071 •