Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-7347 | Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. | 4.7 |
| 2024-05-29 | CVE-2024-31079 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. | 4.8 |
| 2024-05-29 | CVE-2024-32760 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | 6.5 |
| 2024-05-29 | CVE-2024-34161 | Use After Free vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | 5.3 |
| 2024-05-29 | CVE-2024-35200 | NULL Pointer Dereference vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | 5.3 |
| 2024-05-08 | CVE-2024-21793 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.8 |
| 2024-05-08 | CVE-2024-26026 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |
| 2024-05-08 | CVE-2024-32049 | Unspecified vulnerability in F5 Big-Ip Next Central Manager BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.4 |
| 2024-05-08 | CVE-2024-33612 | Improper Certificate Validation vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. | 8.0 |
| 2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |