Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40643

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the ...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/05 7:23 p.m.6 views

CVE-2026-22548

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.2CVSS5.4AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2025/10/15 2:15 p.m.4 views

CVE-2025-58474

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

5.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2025/10/15 2:15 p.m.3 views

CVE-2025-55669

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 1:55 p.m.6 views

CVE-2025-54858 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End o...

8.7CVSS6.4AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 1:55 p.m.5 views

CVE-2025-61938 BIG-IP Advanced WAF and ASM bd process vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS6.3AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 1:55 p.m.10 views

CVE-2025-58474 BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

6.9CVSS0.00353EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-10168

Malware in sbrugna...

7.5CVSS7.4AI score0.00468EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-10171

Malware in sbrugna...

5.3CVSS5.3AI score0.00919EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 5:15 p.m.5 views

CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...

7.5CVSS5.8AI score0.00515EPSS
Exploits0References1
OSV
OSV
added 2023/02/01 6:15 p.m.6 views

CVE-2023-23552

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource...

7.5CVSS7.1AI score0.01545EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.8 views

CVE-2022-23031

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...

4.9CVSS5.8AI score0.00834EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/09/14 8:43 p.m.40 views

CVE-2021-23030

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software...

7.7AI score0.00961EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 1:15 p.m.4 views

CVE-2021-23053

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to...

5.3CVSS5.8AI score0.00919EPSS
Exploits0References1
NVD
NVD
added 2021/09/14 1:15 p.m.38 views

CVE-2021-23053

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to...

5.3CVSS0.00919EPSS
Exploits0References1
OSV
OSV
added 2021/02/12 8:15 p.m.5 views

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

6.1CVSS7.3AI score0.00632EPSS
Exploits0References1
Rows per page
Query Builder