Lucene search
+L

121 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.10 views

CVE-2019-6654

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering As defined in RFC 1812 section 5.3.7 on the control plane management interface. This may allow attackers on an adjacent system to force BIG-IP into processing...

4.3CVSS6.8AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.10 views

CVE-2019-6633

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions...

4.4CVSS7AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.16 views

CVE-2019-6637

On BIG-IP ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on...

6.5CVSS6.8AI score0.01461EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 10:15 p.m.16 views

CVE-2025-35995

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

8.7CVSS0.00357EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/05/07 12:59 p.m.17 views

K000140937: BIG-IP SIP ALG profile vulnerability CVE-2025-41433

Security Advisory Description When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41433 Impact...

8.7CVSS7.2AI score0.00357EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
added 2025/05/07 12:44 p.m.17 views

K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414

Security Advisory Description When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41414 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...

8.7CVSS7.1AI score0.00352EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2025/02/21 5:10 a.m.28 views

K000149915: zlib vulnerability CVE-2016-9841

Security Advisory Description inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9841 Impact This vulnerability may allow an attacker to cause a denial-of-service DoS on the BIG-IP or BIG-IQ system. Securi...

9.8CVSS7.8AI score0.0755EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2025/02/20 11:35 p.m.17 views

K000149905: zlib vulnerability CVE-2016-9840

Security Advisory Description inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9840 Impact This vulnerability may allow an attacker to cause a denial-of-service DoS on the BIG-IP or BIG-IQ system...

8.8CVSS8.2AI score0.04793EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2025/02/05 2:8 p.m.17 views

K000140933: BIG-IP SNMP vulnerability CVE-2025-21091

Security Advisory Description When SNMP v1 or v2c are disabled on the BIG-IP system, undisclosed requests can cause an increase in memory resource utilization. CVE-2025-21091 Impact System performance can degrade until the snmpd process is either forced to restart or is manually restarted. This...

8.7CVSS6.3AI score0.00436EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
added 2025/02/05 1:22 p.m.12 views

K000138757: BIG-IP iControl REST vulnerability CVE-2025-23239

Security Advisory Description When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2025-23239...

8.7CVSS6AI score0.00753EPSS
Exploits0Affected Software12
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.6 views

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An uncontrolled resource consumption vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to cause a denia...

8.9CVSS6.6AI score0.00393EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/01/03 5:50 p.m.18 views

K000149130: c-ares vulnerability CVE-2017-1000381

Security Advisory Description The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Impact An authenticated...

7.5CVSS8.6AI score0.0331EPSS
Exploits0Affected Software12
CVE
CVE
added 2024/08/14 2:32 p.m.95 views

CVE-2024-39778

CVE-2024-39778 affects BIG-IP platforms with High-Speed Bridge (HSB) where a stateless virtual server can be abused by undisclosed requests to cause TMM termination, causing DoS. Concrete details from connected sources show affected tracks per F5 advisories: BIG-IP Next (all modules) vulnerable; ...

8.7CVSS7.5AI score0.00481EPSS
Exploits0References1Affected Software21
OSV
OSV
added 2024/02/14 5:15 p.m.9 views

CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6CVSS5.8AI score0.00167EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 5:15 p.m.26 views

Authentication flaw

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

2.9CVSS6.8AI score0.00167EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2024/02/14 1:26 p.m.36 views

K000135873: BIG-IP Websockets vulnerability CVE-2024-21849

Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. CVE-2024-21849 Impact Traffic is disrupted while the TMM process restarts...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software2
NVD
NVD
added 2023/10/26 9:15 p.m.27 views

CVE-2023-46747

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS...

9.8CVSS9.8AI score0.96515EPSS
Exploits17References4
CVE
CVE
added 2023/10/26 8:4 p.m.590 views

CVE-2023-46747

CVE-2023-46747 is an unauthenticated remote code execution flaw in F5 BIG-IP TMUI (management port/self IP). Public linked PoCs/exploits demonstrate unauthenticated RCE by targeting TMUI to create or leverage a user/token flow and execute commands on vulnerable devices; CVSS v3.1 = 9.8 (CRITICAL)...

9.8CVSS9.9AI score0.96515EPSS
In wildExploits17References4Affected Software1
NVD
NVD
added 2023/10/10 1:15 p.m.20 views

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...

8.7CVSS8.5AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2023/10/10 1:15 p.m.6 views

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...

8.7CVSS5.5AI score0.00435EPSS
Exploits0References1
Rows per page
Query Builder