Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2025-03-04 CVE-2025-1695 Infinite Loop vulnerability in F5 NGINX
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization.
network
low complexity
f5 CWE-835
5.3
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2024-08-22 CVE-2024-7634 Path Traversal vulnerability in F5 NGINX Agent and NGINX Instance Manager
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
network
low complexity
f5 CWE-22
4.9
2024-08-14 CVE-2024-37028 Improper Authentication vulnerability in F5 BIG-IP Next Central Manager
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-287
5.3
2024-08-14 CVE-2024-39778 Unspecified vulnerability in F5 products
When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
7.5
2024-08-14 CVE-2024-39792 Operation on a Resource after Expiration or Release vulnerability in F5 NGINX Plus R30/R31/R32
When NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-672
7.5
2024-08-14 CVE-2024-39809 Insufficient Session Expiration vulnerability in F5 BIG-IP Next Central Manager 20.1.0
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-613
8.8
2024-08-14 CVE-2024-41164 NULL Pointer Dereference vulnerability in F5 products
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attacker's control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-476
7.5
2024-08-14 CVE-2024-41719 Information Exposure Through Log Files vulnerability in F5 BIG-IP Next Central Manager
When generating a QKView of a BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5 CWE-532
5.5
2024-08-14 CVE-2024-41723 Unspecified vulnerability in F5 products
Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
4.3