F5 Latest Vulnerabilities
August 14
NGINX Open Source and NGINX Plus Vulnerability Permits Over-read of Worker Memory
CVE-2024-7347
F5Nginx Open Source4.7MEDIUM
Undisclosed Requests Can Cause Memory Resource Utilization Increase in NGINX Plus
CVE-2024-39792
F5Nginx Plus7.5HIGH
F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts
CVE-2024-37028
F5Big-ip Next Central Ma...5.3MEDIUM
User Session Refresh Token No Longer Expiring After Logout
CVE-2024-39809
F5Big-ip Next Central Ma...8.8HIGH
BIG-IP Next Logs Include F5 iHealth Credentials
CVE-2024-41719
F5Big-ip Next Central Ma...5.5MEDIUM
Memory Resource Utilization Increase in BIG-IP Tenants on Certain Hardware
CVE-2024-41727
F5Big-ip7.5HIGH
Traffic Termination Due to Unforeseen Circumstances in Virtual Servers
CVE-2024-41164
F5Big-ip7.5HIGH
Undisclosed Requests Can Cause TMM Termination in BIG-IP with High-Speed Bridge (HSB)
CVE-2024-39778
F5Big-ip7.5HIGH
F5 BIG-IP iControl REST Vulnerability Leads to User Account Name Leak
CVE-2024-41723
F5Big-ip4.3MEDIUM
May 29
Memory Leak in NGINX Plus Due to Undisclosed QUIC Packets
CVE-2024-34161
F5Nginx Open Source5.3MEDIUM
Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate
CVE-2024-35200
F5Nginx Open Source5.3MEDIUM
Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate
CVE-2024-32760
F5Nginx Open Source6.5MEDIUM
Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate
CVE-2024-31079
F5Nginx Open Source4.8MEDIUM
May 8
Potential Data Leak in BIG-IP TMMs on VELOS and rSeries Platforms
CVE-2024-32761
F5Big-ip6.5MEDIUM
F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability
CVE-2024-26026
F5Big-ip Next Central Ma...😄👾7.5HIGH
OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API
CVE-2024-21793
F5Big-ip Next Central Ma...👾7.5HIGH
Improper Certificate Validation Vulnerability in BIG-IP Central Manager Could Allow Impersonation of Instance Provider Systems
CVE-2024-33612
F5Big-ip Next Central Ma...6.8MEDIUM
Stored XSS vulnerability in BIG-IP Configuration utility
CVE-2024-31156
F5Big-ip8HIGH
Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility
CVE-2024-33604
F5Big-ip6.1MEDIUM
Sensitive Information Vulnerability in GSLB Container
CVE-2024-28132
F5Big-ip Next Cnf4.4MEDIUM
Termination of Traffic Management Microkernel (TMM) Due to Non-Default SSL Profile Configuration
CVE-2024-28889
F5Big-ip5.9MEDIUM
Unauthenticated Remote Attackers May Obtain BIG-IP Next LTM/WAF Instance Credentials
CVE-2024-32049
F5Big-ip Next Central Ma...7.4HIGH
Undisclosed BIG-IP Configuration Utility Vulnerability Allows Cross-Site Scripting Attacks
CVE-2024-27202
F5Big-ip4.7MEDIUM
Undisclosed DNS Traffic Can Cause BIG-IP AFM TMM Termination
CVE-2024-25560
F5Big-ip7.5HIGH
IPsec Configuration Can Cause Termination of Traffic Management Microkernel
CVE-2024-33608
F5Big-ip7.5HIGH
F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection
CVE-2024-28883
F5Big-ip Edge Client7.4HIGH
February 14
BIG-IP PEM Classification Profile Vulnerability
CVE-2024-23982
F5Big-ip7.5HIGH
Undisclosed Requests Can Cause NGINX Worker Processes to Terminate
CVE-2024-24990
F5Nginx Plus7.5HIGH
NGINX HTTP/3 QUIC vulnerability
CVE-2024-24989
F5Nginx Plus7.5HIGH
BIG-IP AFM Device Vulnerable to Termination Due to Undisclosed Queries
CVE-2024-21763
F5BIG-IP7.5HIGH
Undisclosed Requests Can Cause TMM Termination for HTTP Analytics and Advanced WAF/ASM
CVE-2024-23805
F5Big-ip7.5HIGH
Undisclosed Requests Can Cause Memory Resource Utilization Increase in BIG-IP ASM/Advanced WAF
CVE-2024-21789
F5BIG-IP7.5HIGH
Undisclosed Requests Can Cause BD Process Termination in BIG-IP Advanced WAF and ASM
CVE-2024-23308
F5BIG-IP7.5HIGH
Undisclosed SQL Injection Vulnerability Affects F5 Networks' BIG-IP Configuration Utility
CVE-2024-23603
F5BIG-IP3.8LOW
Termination of TMM due to Undisclosed Traffic
CVE-2024-24775
F5BIG-IP7.5HIGH
Undisclosed Sensitive Files Vulnerability in BIG-IP Next CNF and SPK Systems
CVE-2024-23306
F5BIG-IP Next SPK4.4MEDIUM
Undisclosed Responses in HTTP/2 Configured BIG-IP Systems Can Cause TMM Termination
CVE-2024-23314
F5Big-ip7.5HIGH
Undisclosed iControl REST Endpoint Vulnerability Allows Crossing Security Boundaries
CVE-2024-22093
F5BIG-IP8.7HIGH
Excessive CPU Utilization with SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) Authentication Profile
CVE-2024-23979
F5BIG-IP7.5HIGH
Remote Authentication Vulnerability in F5OS
CVE-2024-24966
F5F5OS - Appliance6.2MEDIUM
Advanced WAF/ASM Traffic Disruption Due to Undisclosed Traffic
CVE-2024-21849
F5BIG-IP7.5HIGH
Excessive Signature Matching Time Causes Traffic Disruption in BIG-IP AFM IPS Engine
CVE-2024-21771
F5BIG-IP7.5HIGH
Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873
CVE-2024-21782
F5BIG-IP6.7MEDIUM
F5 OS QKView Directory Traversal Vulnerability Allows Read Access to Outside Files
CVE-2024-23607
F5F5OS - Appliance5.5MEDIUM
Bypassing Appliance Mode Restrictions via iAppsLX Templates
CVE-2024-23976
F5BIG-IP6MEDIUM
BIG-IP High Availability Update Issues
CVE-2024-22389
F5BIG-IP7.2HIGH
November 21
CVE-2023-45886
F5Big-ip Next7.5HIGH
October 26
BIG-IP Configuration utility authenticated SQL injection vulnerability
CVE-2023-46748
F5BIG-IP👾8.8HIGH
Undisclosed Requests May Bypass Configuration Utility Authentication in F5 BIG-IP Systems, Allowing Attackers to Execute Arbitrary System Commands
CVE-2023-46747
F5BIG-IP😄👾9.8CRITICAL
October 10
BIGIP and BIG-IQ TACACS+ audit log Vulnerability
CVE-2023-43485
F5Big-ip5.5MEDIUM
BIG-IP IPSEC vulnerability
CVE-2023-41085
F5Big-ip7.5HIGH
BIG-IP Appliance mode external monitor vulnerability
CVE-2023-43746
F5Big-ip8.7HIGH
BIG-IP APM Guided Configuration vulnerability
CVE-2023-39447
F5Big-ip4.4MEDIUM
BIG-IP Edge Client for macOS vulnerability
CVE-2023-5450
F5Big-ip Edge Client7.3HIGH
BIG-IP DNS TSIG Key vulnerability
CVE-2023-41253
F5Big-ip5.5MEDIUM
BIG-IP iControl REST vulnerability
CVE-2023-42768
F5Big-ip7.2HIGH
BIG-IP Next SPK SSH vulnerability
CVE-2023-45226
F5Big-ip Next Spk7.4HIGH
BIG-IP Edge Client for macOS vulnerability
CVE-2023-43611
F5Big-ip Edge Client7.8HIGH
BIG-IP and BIG-IQ Database Variable vulnerability
CVE-2023-41964
F5Big-ip4.3MEDIUM
BIG-IP HTTP/2 vulnerability
CVE-2023-40534
F5Big-ip7.5HIGH
BIG-IP tmsh vulnerability
CVE-2023-45219
F5Big-ip4.4MEDIUM
BIG-IP TCP Profile vulnerability
CVE-2023-40542
F5Big-ip7.5HIGH
Multi-blade VIPRION Configuration utility session cookie vulnerability
CVE-2023-40537
F5Big-ip8.1HIGH
BIG-IP Configuration Utility vulnerability
CVE-2023-41373
F5Big-ip9.9CRITICAL
September 27
BIG-IP APM Clients TunnelCrack vulnerability
CVE-2023-43125
F5BIG-IP Edge Client8.2HIGH
BIG-IP APM Clients TunnelCrack vulnerability
CVE-2023-43124
F5BIG-IP Edge Client7.1HIGH
August 2
BIG-IP Configuration utility vulnerability
CVE-2023-38138
F5BIG-IP6.1MEDIUM
BIG-IP Configuration utility vulnerability
CVE-2023-38423
F5BIG-IP5.4MEDIUM
BIG-IP Edge Client for macOS vulnerability
CVE-2023-38418
F5BIG-IP Edge Client7.8HIGH
F5OS-A vulnerability
CVE-2023-36494
F5F5OS - Appliance4.4MEDIUM
BIG-IP Edge Client for Windows and macOS vulnerability
CVE-2023-36858
F5BIG-IP Edge Client5.5MEDIUM
BIG-IP FIPS HSM password vulnerability CVE-2023-3470
CVE-2023-3470
F5BIG-IP6.1MEDIUM
BIG-IP and BIG-IQ iControl SOAP vulnerability
CVE-2023-38419
F5BIG-IP4.3MEDIUM
May 3
BIG-IP TMUI XSS vulnerability
CVE-2023-27378
F5BIG-IP6.1MEDIUM
BIG-IP Edge Client for Windows and Mac OS vulnerability
CVE-2023-22372
F5BIG-IP Edge Client5.9MEDIUM
BIG-IP TMM SSL vulnerability
CVE-2023-24594
F5BIG-IP5.3MEDIUM
NGINX Management Suite vulnerability
CVE-2023-28724
F5NGINX Instance Manager7.1HIGH
NGINX Management Suite vulnerability
CVE-2023-28656
F5NGINX Instance Manager8.1HIGH
BIG-IP Configuration utility vulnerability
CVE-2023-28406
F5BIG-IP4.3MEDIUM
BIG-IP Edge Client for Windows and macOS vulnerability
CVE-2023-24461
F5BIG-IP Edge Client5.9MEDIUM
BIG-IQ iControl REST Vulnerability
CVE-2023-29240
F5BIG-IQ5.4MEDIUM
BIG-IP UDP Profile vulnerability
CVE-2023-29163
F5BIG-IP7.5HIGH
BIG-IP iQuery mesh vulnerability
CVE-2023-28742
F5BIG-IP8.8HIGH
April 9
CVE-2023-27727
F5Njs7.5HIGH
CVE-2023-27730
F5Njs7.5HIGH
CVE-2023-27728
F5Njs7.5HIGH
CVE-2023-27729
F5Njs7.5HIGH
March 29
NGINX Agent vulnerability CVE-2023-1550
CVE-2023-1550
F5NGINX Agent5.5MEDIUM
February 1
BIG-IP HTTP/2 profile vulnerability
CVE-2023-22664
F5BIG-IP7.5HIGH
BIG-IP SIP profile vulnerability
CVE-2023-22842
F5BIG-IP7.5HIGH
iControl REST and tmsh vulnerability
CVE-2023-22326
F5BIG-IP4.9MEDIUM
BIG-IP Virtual Edition vulnerability
CVE-2023-23555
F5BIG-IP7.5HIGH
HTTP profile vulnerability
CVE-2023-22422
F5BIG-IP7.5HIGH
BIG-IP HTTP profile vulnerability
CVE-2023-22302
F5BIG-IP5.9MEDIUM
BIG-IP SSL OCSP Authentication profile vulnerability
CVE-2023-22323
F5BIG-IP7.5HIGH
BIG-IP Advanced WAF and ASM vulnerability
CVE-2023-23552
F5BIG-IP7.5HIGH
BIG-IP AFM vulnerability
CVE-2023-22281
F5BIG-IP7.5HIGH
iControl SOAP vulnerability
CVE-2023-22374
F5BIG-IP8.5HIGH
BIG-IP APM virtual server vulnerability
CVE-2023-22418
F5BIG-IP6.1MEDIUM
BIG-IP DNS profile vulnerability
CVE-2023-22839
F5BIG-IP7.5HIGH