CVE-2022-23010

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note:...

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000151475)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151475 advisory. When a classification profile is configured on a virtual server without an HTTP or HTTP/2...

EUVD-2021-10160

Malware in sbrugna...

EUVD-2021-10153

Malware in sbrugna...

EUVD-2017-15203

Malware in sbrugna...

EUVD-2018-7197

Malware in sbrugna...

EUVD-2022-28138

Malicious code in bioql PyPI...

EUVD-2023-26465

Malicious code in bioql PyPI...

EUVD-2025-13945

Malicious code in bioql PyPI...

EUVD-2022-28133

Malicious code in bioql PyPI...

EUVD-2023-26585

Malicious code in bioql PyPI...

EUVD-2022-28121

Malicious code in bioql PyPI...

CVE-2021-23042

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versio...

CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-36557

CVE-2025-36557 affects F5 BIG-IP BIG-IP Next and related platforms where an HTTP profile configured with Enforce RFC Compliance can cause the Traffic Management Microkernel (TMM) to terminate due to undisclosed requests. Impact is described as DoS with TMM restart disruption and potential data-pl...

CVE-2025-36557 BIG-IP HTTP vulnerability

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-36557 BIG-IP HTTP vulnerability

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2025-20305 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions affected versions not specified Description: The issue occurs when an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, allowing undisclosed requests to cause the Traffic Management...

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager LTM module to conduct reconnaissance of target networks. It said the module is being used to...

K000132430: The BIG-IP system may fail to block HTTP Request Smuggling attacks

Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP...