K000160902: Intel UEFI vulnerability CVE-2025-20027

Security Advisory Description Improper input validation in the UEFI WheaERST module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may...

EUVD-2018-17276

Malware in sbrugna...

EUVD-2020-27075

Malware in sbrugna...

EUVD-2023-45108

Malicious code in bioql PyPI...

CVE-2020-5921

in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two...

K000141503: Intel UEFI vulnerability CVE-2023-42772

Security Advisory Description Untrusted pointer dereference in UEFI firmware for some IntelR reference processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-42772 Impact There is no impact; F5 products are not affected by this vulnerabilit...

K000141501: Intel UEFI vulnerability CVE-2024-21871

Security Advisory Description Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21871 Impact There is no impact; F5 products are not affected by this vulnerability. F5 previous...

F5 Networks BIG-IP : Multi-blade VIPRION Configuration utility session cookie vulnerability (K29141800)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K29141800 advisory. - An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG- ...

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Code injection

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-40537 Multi-blade VIPRION Configuration utility session cookie vulnerability

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-40537 Multi-blade VIPRION Configuration utility session cookie vulnerability

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-40537

CVE-2023-40537 affects BIG-IP on multi-blade VIPRION: an authenticated user’s session cookie may remain valid briefly after logout, enabling potential reuse to access management interfaces and execute commands. The vulnerability is limited to VIPRION multi-blade configurations and does not affect...

K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537

Security Advisory Description An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. CVE-2023-40537 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an...

PT-2023-6399 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: The issue is related to an incorrect session expiration time, allowing an authenticated user's session cookie to remain valid for a limited time after logging out from the BIG-IP Configurati...

K52521791: vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507

Security Advisory Description vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. CVE-2018-5507 Impact BIG-IP The affected SSL connections are terminated unexpectedly. ARX / BIG-IQ / Enterprise Manager ...

K04280042: BIG-IP ASM vulnerability CVE-2019-6650

Security Advisory Description F5 BIG-IP ASM may expose sensitive information and allow the system configuration to be modified when using non-default settings. CVE-2019-6650 Impact The vulnerability is only present on multi-bladed systems VIPRION with BIG-IP ASM provisioned, on the following...

K24036027: libarchive vulnerability CVE-2016-5844

Security Advisory Description Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash via a crafted ISO file. CVE-2016-5844 Impact For BIG-IP and VIPRION platforms that are configured to use Virtual Clustered...

K60570139: Rowhammer hardware vulnerability CVE-2020-10255

Security Advisory Description Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain...