18 matches found
CVE-2026-2507
When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
PT-2025-51803
Name of the Vulnerable Software and Affected Versions: ipfw versions (affected versions not specified). Description: The tcp-setmss handler may free packet data and generate an error without stopping rule processing. A subsequent rule could then allow traffic to pass after the packet data is removed,...
CVE-2025-58474 BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability
When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...
K000152341: BIG-IP AFM DoS protection profile vulnerability CVE-2025-59478
Security Advisory Description: When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-59478) Impact: Traffic is disrupted while the TMM process restarts. This...
EUVD-2020-12474
Malware in sbrugna...
CVE-2025-24312
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are...
PT-2024-19045 · F5 · Big-Ip Afm
Name of the Vulnerable Software and Affected Versions: BIG-IP AFM (affected versions not specified). Description: The BIG-IP AFM IPS engine may spend an excessive amount of time matching unspecified traffic patterns against signatures, resulting in Traffic Management Microkernel (TMM) restarting and...
CVE-2022-41806
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization...
CVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...
CVE-2021-23040
On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisione...
CVE-2021-0225 Junos OS Evolved: Stateless IP firewall filter does not work as expected
An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to s...
F5 BIG-IP AFM Memory Leak Vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A memory leak vulnerability exists in the BIG-IP AFM HTTP version 13.1.3.4, which stems from a traffic management microkernel (TMM) leaking memory when a security profile is applied to a virtual server, a...
FreeBSD ipfw Buffer Overflow Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. ipfw is one of the IP firewall components. A buffer overflow vulnerability exists in ipfw in FreeBSD, which stems from a program's failure to properly validate packets, and can be exploited by an attacker to cause...
CVE-2020-1604
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does...
Design/Logic Flaw
On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does...
CVE-2020-1604
CVE-2020-1604 affects Junos OS on EX4300/EX4600/QFX3500/QFX5100 series. The IP firewall filter component may fail to evaluate certain IPv4/IPv6 packets destined to the Routing Engine, but L2/L3 filter paths to hosts are unaffected. Affected releases include 14.1X53 before certain D revisions (QFX...
CVE-2018-0031 Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a...
FreeBSD ipfw/pf IP firewall packet filter DoS
Problem with fragmented packets handling...