Lucene search
K

108 matches found

F5 Networks
F5 Networks
added 2025/10/15 11:1 a.m.22 views

K000148512: BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability CVE-2025-58474

Security Advisory Description When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. CVE-2025-58474 Impact Traffic is...

6.9CVSS6.9AI score0.00353EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2025/10/15 11:1 a.m.11 views

K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2025-54858...

8.7CVSS6.9AI score0.00317EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2025/10/15 10:36 a.m.10 views

K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935

Security Advisory Description When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2025-61935 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...

8.7CVSS6.9AI score0.0032EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.2 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000156621)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156621 advisory. When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content...

8.7CVSS5.6AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2009-4387

Malware in sbrugna...

7.8CVSS6.4AI score0.02221EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-31437

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00868EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/22 12:0 a.m.10 views

The vulnerability of the Behavioral DoS (BADoS) function of the BIG-IP Application Security Manager allows a attacker to cause a service failure.

The vulnerability of the Behavioral DoS BADoS function of the BIG-IP Application Security Manager protection tool is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS6.6AI score0.00393EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.3 views

F5 BIG-IP ASM 缓冲区错误漏洞

F5 BIG-IP ASM is a Web Application Firewall WAF from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A buffer error vulnerability exists in F5 BIG-IP ASM that stems from a configuration issue with th...

8.9CVSS6.8AI score0.00393EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 5:15 p.m.4 views

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

7.5CVSS5.8AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.4 views

PT-2024-19057

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions affected versions not specified Description When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Recommendations At the...

7.5CVSS7.5AI score0.00515EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/12/06 12:0 a.m.7 views

The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

7.8CVSS7.2AI score0.00626EPSS
Exploits0References3Affected Software13
BDU FSTEC
BDU FSTEC
added 2023/12/06 12:0 a.m.8 views

The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

7.8CVSS7.5AI score0.00626EPSS
Exploits0References3Affected Software12
BDU FSTEC
BDU FSTEC
added 2023/12/04 12:0 a.m.5 views

The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

7.8CVSS7.4AI score0.00626EPSS
Exploits0References3Affected Software12
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.6 views

The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, is related to incorrect session duration settings. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

8.1CVSS7.5AI score0.00457EPSS
Exploits0References4Affected Software18
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, when running on the BIG-IP TMOS Shel operating system, allow attackers to expose the protected information.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

4.4CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software19
BDU FSTEC
BDU FSTEC
added 2023/03/07 12:0 a.m.5 views

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allow a perpetrator to access confidential data.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

7.8CVSS5.6AI score0.00521EPSS
Exploits0References2Affected Software12
F5 Networks
F5 Networks
added 2023/02/21 7:53 p.m.31 views

K15939: pl_tree.php XSS vulnerability CVE-2014-9342

Security Advisory Description Cross-site scripting XSS vulnerability in the tree view pltree.php feature in Application Security Manager ASM in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation...

4.3CVSS5.8AI score0.02117EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:42 p.m.27 views

K16081: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050

Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Application Security Manager ASM before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. CVE-2015-1050 Impact Remote attackers may be able to inject arbitrary w...

4.3CVSS5.5AI score0.01911EPSS
Exploits1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/21 12:0 a.m.10 views

The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...

7.5CVSS7.2AI score0.00626EPSS
Exploits0References3Affected Software12
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.7 views

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP AWAF and ASM, where when a BIG-IP Advanced WAF or BIG-IP ASM security...

7.5CVSS7AI score0.01545EPSS
Exploits0References2
Rows per page
Query Builder