CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2023-22839 – BIG-IP DNS profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22839
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K37708118 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 221EXPL: 0CVE-2020-5851
https://notcve.org/view.php?id=CVE-2020-5851
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG En las versiones y plataformas afectadas, la comprobación de integridad del sistema del Trusted Platform Module (TPM) no puede detectar modificaciones en componentes específicos del sistema. Este problema solo afecta a las revisiones de ingeniería y plataformas específicas. • https://support.f5.com/csp/article/K91171450 •
CVSS: 4.6EPSS: 0%CPEs: 101EXPL: 0CVE-2019-11109
https://notcve.org/view.php?id=CVE-2019-11109
Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access. Un problema lógico en el subsistema para Intel® SPS versiones anteriores a SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 y SPS_SoC-A_04.00.04.191.0, puede permitir a un usuario privilegiado habilitar potencialmente una denegación de servicio por medio de un acceso local. • https://support.f5.com/csp/article/K54164678?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html •
CVSS: 9.8EPSS: 0%CPEs: 351EXPL: 0CVE-2019-6609
https://notcve.org/view.php?id=CVE-2019-6609
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. • https://support.f5.com/csp/article/K18535734 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 176EXPL: 0CVE-2017-6140
https://notcve.org/view.php?id=CVE-2017-6140
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. En los productos BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800 y los blades VIPRION 4450 en versiones 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 o 12.1.2 de BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM o PEM, una secuencia de paquetes no revelada enviada a los servidores virtuales con perfiles SSL de cliente o servidor pueden hacer que se interrumpan los servicios de plano de datos. • http://www.securitytracker.com/id/1040042 https://support.f5.com/csp/article/K55102452 • CWE-20: Improper Input Validation •