f5

1,031 tracked vulnerabilities.

CVE-2024-31156 HIGH
F5 BIG-IP 15.1.0-15.1.10.3 - Stored Cross-Site Scripting in Configuration Utility
May 08, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-28889 MEDIUM
F5 BIG-IP 15.1.0-15.1.10.4 - Denial of Service via SSL Profile Alert Timeout
May 08, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-28883 HIGH
BIG-IP APM Browser Network Access VPN Client 7.2.3-7.2.4.3 - Origin Validation Bypass
May 08, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-28132 MEDIUM
F5 BIG-IP Next 1.2.0-1.2.9 - Authenticated Sensitive Information Exposure
May 08, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-27202 MEDIUM
F5 BIG-IP 15.1.0-15.1.10.3 - DOM-based Cross-Site Scripting in Configuration Utility
May 08, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-26026 HIGH
F5 BIG-IP Next Central Manager 20.0.1-20.1.x - SQL Injection via API URI
May 08, 2024
CVSS 7.5
EPSS 0.07
CVE-2024-25560 HIGH
F5 BIG-IP AFM 15.1.0-15.1.10.8 - Denial of Service via DNS Traffic
May 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21793 HIGH
F5 BIG-IP Next Central Manager 20.0.1-20.1.x - SQL Injection via OData API
May 08, 2024
CVSS 7.5
EPSS 0.07
CVE-2024-3661 HIGH
FortiClient 6.4.0-7.2.4 - Unauthenticated VPN Traffic Leak via DHCP Classless Static Route Option
May 06, 2024
CVSS 7.6
EPSS 0.04
CVE-2024-24990 HIGH
NGINX OSS 1.25.0-1.25.3 and NGINX Plus - Use-After-Free in HTTP/3 QUIC Module
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-24989 HIGH
NGINX Plus and NGINX OSS - Denial of Service via HTTP/3 QUIC Module
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-24966 MEDIUM
F5OS-A and F5OS-C - Incorrect Authorization via LDAP Remote Authentication
Feb 14, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-24775 HIGH
Traffic Management Microkernel - DoS
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23982 HIGH
BIG-IP Policy Enforcement Manager 15.1.0-15.1.9 - Denial of Service via UDP Virtual Server Classification Profile
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23979 HIGH
F5 BIG-IP - Denial of Service via SSL Client Certificate LDAP or CRLDP Authentication
Feb 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-23976 MEDIUM
F5 BIG-IP and BIG-IQ - Authenticated Privilege Escalation via iAppsLX Template Bypass
Feb 14, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-23805 HIGH
F5 BIG-IP Advanced WAF and ASM 15.1.0-15.1.9 - Denial of Service via HTTP Analytics Profile with URLs Enabled
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23607 MEDIUM
F5OS-A 1.3.0-1.3.9 and F5OS-C 1.3.0-1.5.9 - Authenticated Path Traversal via QKView Utility
Feb 14, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-23603 LOW
F5 BIG-IP Application Security Manager and Advanced Web Application Firewall - SQL Injection
Feb 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-23314 HIGH
F5 BIG-IP and BIG-IQ - Denial of Service via HTTP/2 Response Handling
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23308 HIGH
F5 BIG-IP Advanced WAF and ASM 17.1.0 - Denial of Service via Request Body Handling Option
Feb 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23306 HIGH
F5 BIG-IP Next CNF and SPK 1.1.0-<1.2.0 - Unauthenticated Sensitive File Access
Feb 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-22389 HIGH
F5 BIG-IP - Insufficient Session Expiration via iControl REST API Token Sync
Feb 14, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-22093 HIGH
F5 BIG-IP 15.1.0-15.1.8 and BIG-IQ 8.0.0-8.2.0 - Authenticated Remote Command Injection via iControl REST Endpoint
Feb 14, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-21849 HIGH
F5 BIG-IP Advanced WAF and ASM 16.1.0-16.1.3 - Denial of Service via WebSocket Traffic
Feb 14, 2024
CVSS 7.5
EPSS 0.01