VYPR

Big IP

by F5, Inc.

CVEs (626)

  • CVE-2021-22992Mar 31, 2021
    risk 0.01cvss epss 0.73

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy…

  • CVE-2020-5903Jul 1, 2020
    risk 0.01cvss epss 0.02

    In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

  • CVE-2014-8730Dec 10, 2014
    risk 0.01cvss epss 0.14

    The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through…

  • CVE-2013-0150Aug 9, 2013
    risk 0.01cvss epss 0.06

    Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to…

  • CVE-1999-1550Nov 8, 1999
    risk 0.01cvss epss 0.09

    bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

  • CVE-2026-22548Feb 4, 2026
    risk 0.00cvss epss 0.00

    When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are…

  • CVE-2026-20732Feb 4, 2026
    risk 0.00cvss epss 0.00

    A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-61990Oct 15, 2025
    risk 0.00cvss epss 0.00

    When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-61933Oct 15, 2025
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not…

  • CVE-2025-58071Oct 15, 2025
    risk 0.00cvss epss 0.00

    When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-61935Oct 15, 2025
    risk 0.00cvss epss 0.00

    When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-54755Oct 15, 2025
    risk 0.00cvss epss 0.01

    A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-59483Oct 15, 2025
    risk 0.00cvss epss 0.00

    A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-61974Oct 15, 2025
    risk 0.00cvss epss 0.00

    When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-59481Oct 15, 2025
    risk 0.00cvss epss 0.00

    A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful exploit can allow the…

  • CVE-2025-61960Oct 15, 2025
    risk 0.00cvss epss 0.00

    When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-54854Oct 15, 2025
    risk 0.00cvss epss 0.00

    When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2025-61958Oct 15, 2025
    risk 0.00cvss epss 0.00

    A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successful exploit can allow the…

  • CVE-2025-58096Oct 15, 2025
    risk 0.00cvss epss 0.00

    When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS)…

  • CVE-2025-54858Oct 15, 2025
    risk 0.00cvss epss 0.00

    When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions…

Page 8 of 32