106 matches found
CVE-2024-23306 BIG-IP Next CNF & SPK vulnerability
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy scp utility but do not have access to Advanced shell bash can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...
CVE-2024-23607 F5OS QKView utility vulnerability
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
F5 Networks BIG-IP : BIG-IP TMM vulnerability (K30523121)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.3.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K30523121 advisory. - On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is...
F5 Networks BIG-IP : TMUI XSS vulnerability (K24301698)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K24301698 advisory. - On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM...
Design/Logic Flaw
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which...
CVE-2023-43611 BIG-IP Edge Client for macOS vulnerability
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-41964 BIG-IP and BIG-IQ Database Variable vulnerability
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43125
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Code injection
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Code injection
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-38419
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluate...
Design/Logic Flaw
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-38423 BIG-IP Configuration utility vulnerability
A cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. - Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...