CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24966 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2024-24966
14 Feb 2024 — When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se configura la autenticación remota LDAP en F5OS, un usuario remoto sin una función asignada será autorizado incorrectamente. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000133111 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23607 – F5OS QKView utility vulnerability
https://notcve.org/view.php?id=CVE-2024-23607
14 Feb 2024 — A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de directory traversal en la utilidad F5OS QKView que permite a un atacante autenticado leer archivos fuera del directorio QKView. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000132800 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36494 – F5OS-A vulnerability
https://notcve.org/view.php?id=CVE-2023-36494
02 Aug 2023 — Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Los registros de auditoría de F5OS-A pueden contener información confidencial no revelada. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000134922 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22657 – F5OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22657
01 Feb 2023 — On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K06345931 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41835 – F5OS vulnerability CVE-2022-41835
https://notcve.org/view.php?id=CVE-2022-41835
19 Oct 2022 — In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. En F5OS-A versiones 1.x y anteriores a 1.1.0 y en versión 1.x de F5OS-C anteriores a 1.5.0, un exceso de permisos de archivos en F5OS permite a un atacante local autenticado ejecutar un conjunto limitado de comandos en un contenedor y afectar al controlador de F5OS • https://support.f5.com/csp/article/K33484483 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41780 – F5OS CLI vulnerability CVE-2022-41780
https://notcve.org/view.php?id=CVE-2022-41780
19 Oct 2022 — In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. En F5OS-A versión 1.x antes de 1.1.0 y F5OS-C versión 1.x antes de 1.4.0, se presenta una vulnerabilidad de salto de directorios en una ubicación no revelada de la CLI de F5OS que permite a un atacante leer archivos arbitrarios • https://support.f5.com/csp/article/K81701735 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25990
https://notcve.org/view.php?id=CVE-2022-25990
05 May 2022 — On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En las versiones 1.0.x anteriores a 1.0.1, los sistemas que ejecutan el software F5OS-A pueden exponer determinados puertos del registro de forma externa. Nota: Las versiones de software que han alcanzado el Fin del Soporte Técnico (EoTS) no son evaluadas • https://support.f5.com/csp/article/K44233515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 94%CPEs: 26EXPL: 11CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
16 Sep 2021 — A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the ht... • https://github.com/sixpacksecurity/CVE-2021-40438 • CWE-918: Server-Side Request Forgery (SSRF) •