Vulnerabilities > F5 > BIG IP Global Traffic Manager > 15.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-39778 | Unspecified vulnerability in F5 products When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-08-14 | CVE-2024-41164 | NULL Pointer Dereference vulnerability in F5 products When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-02-14 | CVE-2024-21782 | OS Command Injection vulnerability in F5 products BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. | 6.7 |
| 2024-02-14 | CVE-2024-22093 | Command Injection vulnerability in F5 products When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. | 9.6 |
| 2024-02-14 | CVE-2024-22389 | Unspecified vulnerability in F5 products When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. | 6.5 |
| 2024-02-14 | CVE-2024-23314 | Unspecified vulnerability in F5 products When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-23976 | Unspecified vulnerability in F5 products When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. | 4.4 |
| 2024-02-14 | CVE-2024-23979 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. | 7.5 |
| 2024-02-14 | CVE-2024-24775 | NULL Pointer Dereference vulnerability in F5 products When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2023-11-21 | CVE-2023-45886 | The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. | 7.5 |