Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not eval...
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-28742
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Domain Name System
NA
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
NA
CVE-2023-22372
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
NA
CVE-2023-27378
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technica...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-24461
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an malicious user to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
NA
CVE-2023-24594
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Advanced Firewall Manager 16.1.2
F5 Big-ip Access Policy Manager 16.1.2
F5 Big-ip Analytics 16.1.2
F5 Big-ip Application Security Manager 16.1.2
F5 Big-ip Application Acceleration Manager 16.1.2
F5 Big-ip Policy Enforcement Manager 16.1.2
F5 Big-ip Local Traffic Manager 16.1.2
F5 Big-ip Link Controller 16.1.2
F5 Big-ip Global Traffic Manager 16.1.2
F5 Big-ip Fraud Protection Service 16.1.2
F5 Big-ip Domain Name System 16.1.2
F5 Big-ip Advanced Web Application Firewall 16.1.2
F5 Big-ip Application Visibility And Reporting 16.1.2
F5 Big-ip Carrier-grade Nat 16.1.2
F5 Big-ip Ddos Hybrid Defender 16.1.2
F5 Big-ip Edge Gateway 16.1.2
F5 Big-ip Ssl Orchestrator 16.1.2
F5 Big-ip Webaccelerator 16.1.2
F5 Big-ip Websafe 16.1.2
F5 Big-ip Access Policy Manager 15.1.4.1
F5 Big-ip Advanced Firewall Manager 15.1.4.1
F5 Big-ip Advanced Web Application Firewall 15.1.4.1
NA
CVE-2023-28406
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated malicious user to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information ...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
NA
CVE-2023-28656
NGINX Management Suite may allow an authenticated malicious user to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-27727
Nginx NJS v0.7.10 exists to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
F5 Njs 0.7.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »