Vulnerabilities > F5 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-39778 | Unspecified vulnerability in F5 products When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-08-14 | CVE-2024-39792 | Operation on a Resource after Expiration or Release vulnerability in F5 Nginx Plus R30/R31/R32 When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-08-14 | CVE-2024-39809 | Insufficient Session Expiration vulnerability in F5 Big-Ip Next Central Manager 20.1.0 The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
| 2024-08-14 | CVE-2024-41164 | NULL Pointer Dereference vulnerability in F5 products When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-08-14 | CVE-2024-41727 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-05-08 | CVE-2024-32049 | Unspecified vulnerability in F5 Big-Ip Next Central Manager BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.4 |
| 2024-05-08 | CVE-2024-33612 | Improper Certificate Validation vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. | 8.0 |
| 2024-02-14 | CVE-2024-21763 | NULL Pointer Dereference vulnerability in F5 Big-Ip Advanced Firewall Manager When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-21789 | Missing Release of Resource after Effective Lifetime vulnerability in F5 products When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-21849 | Unspecified vulnerability in F5 products When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |