Vulnerabilities > F5 > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-14 | CVE-2024-21789 | Missing Release of Resource after Effective Lifetime vulnerability in F5 products | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2024-02-14 | CVE-2024-21849 | Unspecified vulnerability in F5 products | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2024-02-14 | CVE-2024-23306 | Unspecified vulnerability in F5 Big-Ip Next Cloud-Native Network Functions 1.1.0/1.1.1 | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 |
2024-02-14 | CVE-2024-23308 | NULL Pointer Dereference vulnerability in F5 products | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. | 7.5 |
2024-02-14 | CVE-2024-23314 | Unspecified vulnerability in F5 products | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2024-02-14 | CVE-2024-23603 | SQL Injection vulnerability in F5 products | An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.8 |
2024-02-14 | CVE-2024-23805 | Incorrect Calculation of Buffer Size vulnerability in F5 products | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
2024-02-14 | CVE-2024-23979 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. | 7.5 |
2024-02-14 | CVE-2024-23982 | Out-of-bounds Write vulnerability in F5 Big-Ip Policy Enforcement Manager | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
2024-02-14 | CVE-2024-24775 | NULL Pointer Dereference vulnerability in F5 products | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |