Latest F5 Vulnerabilities

The cve record for the cve id does not exist.
F5 BIG-IP Next SPK>=1.5.0<=1.9.2
F5 BIG-IP Next CNF>=1.1.0<=1.3.0
F5 Traffix SDC=5.2.0, =5.1.0
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced fo...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
NGINX HTTP/3 QUIC vulnerability
F5 NGINX Plus=30
F5 NGINX Open Source>=1.25.0<=1.26.0
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requir...
F5 NGINX Plus=30
F5 NGINX Open Source>=1.25.0<=1.26.0
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact.
F5 NGINX Plus=30
F5 NGINX Open Source>=1.25.0<=1.26.0
NGINX HTTP/3 QUIC vulnerability
F5 NGINX Plus=30
F5 NGINX Open Source>=1.25.0<=1.26.0
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 12...
F5 F5OS-A=1.7.0
F5 Traffix SDC=5.2.0, =5.1.0
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 F5OS-A=1.7.0, >=1.5.1<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2
F5 Traffix SDC=5.2.0, =5.1.0
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
F5 F5OS-A=1.7.0, >=1.5.1<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentic...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 Traffix SDC=5.1.0
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
F5 F5OS-A=1.7.0, >=1.5.0<=1.5.2, =1.4.0, >=1.3.0<=1.3.2
F5 F5OS-C>=1.6.0<=1.6.2, >=1.5.0<=1.5.1
and 1 more
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure...
F5 F5OS-A=1.7.0, >=1.5.1<=1.5.2
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders...
F5 BIG-IP (iRulesLX/iAppsLX)>=17.1.0<=17.1.1
F5 BIG-IP (iRulesLX/iAppsLX)>=16.1.0<=16.1.4
F5 BIG-IP (iRulesLX/iAppsLX)>=15.1.0<=15.1.10
BIG-IP SSL vulnerability
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.2.1<=16.1.4
F5 BIG-IP>=15.1.5<=15.1.10
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Managem...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.2.1<=16.1.4
F5 BIG-IP>=15.1.5<=15.1.10
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in ...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
BIG-IP Configuration utility XSS vulnerability
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
BIG-IP Configuration utility XSS vulnerability
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
BIG-IP TMUI XSS vulnerability
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
BIG-IP APM browser network access VPN client vulnerability
F5 BIG-IP (APM)=17.1.0
F5 BIG-IP (APM)>=16.1.0<=16.1.4
F5 BIG-IP (APM)>=15.1.0<=15.1.10
F5 APM Clients>=7.2.3<=7.2.4
An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection.
F5 BIG-IP (APM)=17.1.0
F5 BIG-IP (APM)>=16.1.0<=16.1.4
F5 BIG-IP (APM)>=15.1.0<=15.1.10
F5 APM Clients>=7.2.3<=7.2.4
BIG-IP NEXT CNF vulnerability
F5 BIG-IP Next CNF>=1.2.0<=1.2.1
Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing (GSLB) container, which may allow an authenticated attacker with administrator role privileges to view sens...
F5 BIG-IP Next CNF>=1.2.0<=1.2.1
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploite...
F5 BIG-IP
F5 BIG-IP>=15.1.0<=15.1.9
BIG-IP TMM tenants on VELOS and rSeries vulnerability
F5 BIG-IP
F5 BIG-IP>=15.1.0<=15.1.9
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability ...
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
BIG-IP Next Central Manager vulnerability
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
F5 BIG-IP=17.1.0
F5 BIG-IP
BIG-IP IPsec vulnerability
F5 BIG-IP=17.1.0
F5 BIG-IP
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
BIG-IP Central Manager SQL Injection
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials.
F5 BIG-IP Next Central Manager>=20.0.1<=20.0.2
BIG-IP Next Central Manager vulnerability
F5 BIG-IP Next Central Manager>=20.0.1<=20.0.2
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
BIG-IP Central Manager OData Injection Vulnerability
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Use...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 F5OS-A=1.7.0, >=1.5.0<=1.5.2, =1.4.0, >=1.3.0<=1.3.2
F5 F5OS-C>=1.6.0<=1.6.2, >=1.5.0<=1.5.1
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 m...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as dr...
F5 F5OS-A=1.7.0, >=1.5.0<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2, >=1.5.0<=1.5.1
Apache HTTP Server: HTTP response splitting
ubuntu/apache2<2.4.29-1ubuntu4.27+
ubuntu/apache2<2.4.41-4ubuntu3.17
ubuntu/apache2<2.4.52-1ubuntu4.9
ubuntu/apache2<2.4.57-2ubuntu2.4
ubuntu/apache2<2.4.58-1ubuntu8.1
ubuntu/apache2<2.4.59-1
and 10 more
Apache HTTP Server: HTTP Response Splitting in multiple modules
ubuntu/apache2<2.4.29-1ubuntu4.27+
ubuntu/apache2<2.4.41-4ubuntu3.17
ubuntu/apache2<2.4.52-1ubuntu4.9
ubuntu/apache2<2.4.57-2ubuntu2.4
ubuntu/apache2<2.4.58-1ubuntu8.1
ubuntu/apache2<2.4.59-1
and 9 more
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via ...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may caus...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
F5 BIG-IP (iRulesLX/iAppsLX)>=17.1.0<=17.1.1
F5 BIG-IP (iRulesLX/iAppsLX)>=16.1.0<=16.1.4
F5 BIG-IP (iRulesLX/iAppsLX)>=15.1.0<=15.1.10
npm/tar<6.2.1
npm/node-tar<6.2.1
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
and 2 more
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
F5 F5OS-A=1.7.0, >=1.5.0<=1.5.2
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS...
F5 Traffix SDC=5.1.0
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For exampl...
F5 BIG-IP Next (LTM, WAF)>=20.0.1<=20.1.0
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
and 3 more

© 2024 SecAlerts Pty Ltd.