F5

Big-ip Next Cloud-native Network Functions

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-60016

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:44
  • Zuletzt bearbeitet 22.10.2025 21:06:10

When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Mi...

7.5

CVE-2025-54500

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 03.11.2025 20:19:14

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Su...

8.7

CVE-2025-41414

  • EPSS 0.11%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:21

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

8.7

CVE-2025-41399

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 21.10.2025 18:43:09

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are no...

8.7

CVE-2025-36557

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:20
  • Zuletzt bearbeitet 06.08.2025 18:14:59

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (...

8.7

CVE-2025-36504

  • EPSS 0.09%
  • Veröffentlicht 07.05.2025 22:15:19
  • Zuletzt bearbeitet 21.10.2025 18:42:48

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7

CVE-2025-24312

  • EPSS 0.34%
  • Veröffentlicht 05.02.2025 18:15:34
  • Zuletzt bearbeitet 12.11.2025 16:38:01

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization.   Note: Software versions whi...

7.5

CVE-2024-41164

  • EPSS 0.67%
  • Veröffentlicht 14.08.2024 15:15:27
  • Zuletzt bearbeitet 19.08.2024 18:39:06

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical...

4.4

CVE-2024-28132

  • EPSS 0.05%
  • Veröffentlicht 08.05.2024 15:15:09
  • Zuletzt bearbeitet 06.08.2025 14:57:45

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are ...

7.5

CVE-2024-25560

  • EPSS 0.36%
  • Veröffentlicht 08.05.2024 15:15:08
  • Zuletzt bearbeitet 21.10.2025 11:40:17

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.