Filtered by vendor F5
Subscriptions
Total
868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21771 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-03-24 | 7.5 High |
| For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2021-40438 | 10 Apache, Broadcom, Debian and 7 more | 25 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 22 more | 2025-03-21 | 9 Critical |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | ||||
| CVE-2024-24990 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-02-13 | 7.5 High |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-24989 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-02-13 | 7.5 High |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-35200 | 2 F5, Fedoraproject | 4 Nginx, Nginx Open Source, Nginx Plus and 1 more | 2025-02-13 | 5.3 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | ||||
| CVE-2024-34161 | 2 F5, Fedoraproject | 4 Nginx, Nginx Open Source, Nginx Plus and 1 more | 2025-02-13 | 5.3 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | ||||
| CVE-2024-32760 | 2 F5, Fedoraproject | 4 Nginx, Nginx Open Source, Nginx Plus and 1 more | 2025-02-13 | 6.5 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | ||||
| CVE-2024-31079 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-02-13 | 4.8 Medium |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | ||||
| CVE-2023-28656 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2025-02-13 | 8.1 High |
| NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-46748 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2025-02-13 | 8.8 High |
| An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2025-02-13 | 5.5 Medium |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | ||||
| CVE-2023-27729 | 1 F5 | 1 Njs | 2025-02-12 | 7.5 High |
| Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | ||||
| CVE-2023-27727 | 1 F5 | 1 Njs | 2025-02-12 | 7.5 High |
| Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. | ||||
| CVE-2023-27730 | 1 F5 | 1 Njs | 2025-02-11 | 7.5 High |
| Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. | ||||
| CVE-2023-27728 | 1 F5 | 1 Njs | 2025-02-11 | 7.5 High |
| Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. | ||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2025-02-03 | 5.4 Medium |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-29163 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2025-02-03 | 7.5 High |
| When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-28742 | 1 F5 | 1 Big-ip Domain Name System | 2025-02-03 | 7.2 High |
| When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-22372 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2025-01-29 | 5.9 Medium |
| In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-24461 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2025-01-29 | 7.4 High |
| An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||