Lucene search
K

106 matches found

NVD
NVD
added 2024/05/08 3:15 p.m.19 views

CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.8CVSS6.5AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2024/05/08 3:15 p.m.18 views

CVE-2024-28889

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...

5.9CVSS5.7AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2024/05/08 3:15 p.m.20 views

CVE-2024-27202

A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.7CVSS4.6AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 3:1 p.m.68 views

CVE-2024-28132

CVE-2024-28132 affects BIG-IP Next CNF and is a Sensitive Information disclosure in the GSLB container. An authenticated attacker with administrator privileges may exploit it locally to view sensitive information. Affected versions: 1.2.0–1.2.1 . Root cause: exposure within the GSLB container; fi...

4.4CVSS4.4AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/08 3:1 p.m.22 views

CVE-2024-33604 BIG-IP Configuration utility XSS vulnerability

A reflected cross-site scripting XSS vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.1CVSS6.1AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 3:1 p.m.30 views

CVE-2024-28889 BIG-IP SSL vulnerability

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...

5.9CVSS5.9AI score0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 3:1 p.m.20 views

CVE-2024-27202 BIG-IP TMUI XSS vulnerability

A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4.7CVSS4.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 3:1 p.m.80 views

CVE-2024-27202

CVE-2024-27202 is a DOM-based XSS in the BIG-IP Configuration utility. Affected BIG-IP versions include 17.1.0–17.1.1, 16.1.0–16.1.4, and 15.1.0–15.1.10. An attacker can run JavaScript in the context of an authenticated admin session via a malicious page, a control-plane issue with no data-plane ...

4.7CVSS4.5AI score0.00272EPSS
Exploits0References1Affected Software21
Cvelist
Cvelist
added 2024/05/08 3:1 p.m.29 views

CVE-2024-28883 BIG-IP APM browser network access VPN client vulnerability

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.4CVSS7.5AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.24 views

CVE-2024-24966

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.2CVSS6.5AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.25 views

CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6CVSS5.8AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.39 views

CVE-2024-23982

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Securi...

7.5CVSS7.5AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.46 views

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.23 views

CVE-2024-21849

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.5AI score0.00515EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 5:15 p.m.24 views

Code injection

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

5CVSS7.2AI score0.00515EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.72 views

CVE-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.6AI score0.01061EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/02/14 4:30 p.m.39 views

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.7AI score0.00914EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.32 views

CVE-2024-21763 BIG-IP AFM vulnerability

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel TMM to terminate. NOTE: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.7AI score0.00515EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.29 views

CVE-2024-21789 BIG-IP ASM and Advanced WAF vulnerability

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.7AI score0.00515EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.23 views

CVE-2024-24775 BIG-IP TMM vulnerability

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS7.7AI score0.00515EPSS
Exploits0References1
Rows per page
Query Builder