Vulnerabilities > F5 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-04 | CVE-2025-1695 | Infinite Loop vulnerability in F5 Nginx In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. | 5.3 |
| 2024-11-06 | CVE-2024-10318 | Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. | 5.4 |
| 2024-08-22 | CVE-2024-7634 | Path Traversal vulnerability in F5 Nginx Agent and Nginx Instance Manager NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | 4.9 |
| 2024-08-14 | CVE-2024-37028 | Improper Authentication vulnerability in F5 Big-Ip Next Central Manager BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 |
| 2024-08-14 | CVE-2024-41719 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Next Central Manager When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
| 2024-08-14 | CVE-2024-41723 | Unspecified vulnerability in F5 products Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 |
| 2024-08-14 | CVE-2024-7347 | Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. | 4.7 |
| 2024-05-29 | CVE-2024-31079 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. | 4.8 |
| 2024-05-29 | CVE-2024-32760 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | 6.5 |
| 2024-05-29 | CVE-2024-34161 | Use After Free vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | 5.3 |