Filtered by vendor F5 Subscriptions
Total 846 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 364 Http Server, Opensearch Data Prepper, Apisix and 361 more 2024-12-20 7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2014-0196 7 Canonical, Debian, F5 and 4 more 33 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 30 more 2024-12-19 N/A
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVE-2017-13315 2 F5, Google 2 Access For Android, Android 2024-12-18 7.8 High
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-21763 1 F5 2 Big-ip, Big-ip Advanced Firewall Manager 2024-12-12 7.5 High
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-21789 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2024-12-12 7.5 High
When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-21849 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2024-12-12 7.5 High
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-23308 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2024-12-12 7.5 High
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-23982 1 F5 1 Big-ip Policy Enforcement Manager 2024-12-12 7.5 High
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-21793 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.5 High
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-26026 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.5 High
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-32049 1 F5 1 Big-ip Next Central Manager 2024-12-12 7.4 High
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-33612 1 F5 1 Big-ip Next Central Manager 2024-12-12 6.8 Medium
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-7347 1 F5 2 Nginx Open Source, Nginx Plus 2024-11-21 4.7 Medium
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-45844 1 F5 1 Big-ip 2024-11-21 7.2 High
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-33608 1 F5 1 Big-ip 2024-11-21 7.5 High
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-31156 1 F5 1 Big-ip 2024-11-21 8 High
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-5450 2 Apple, F5 2 Macos, Big-ip Access Policy Manager 2024-11-21 7.3 High
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-46748 1 F5 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more 2024-11-21 8.8 High
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2023-46747 1 F5 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more 2024-11-21 9.8 Critical
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2023-45886 2 F5, Ipinfusion 6 Big-ip Global Traffic Manager, Big-ip Local Traffic Manager, Big-ip Next and 3 more 2024-11-21 7.5 High
The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.