5.9
CVE-2024-28889 - BIG-IP SSL vulnerability
When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical…
7.4
CVE-2024-32049 - BIG-IP Next Central Manager vulnerability
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
4.7
CVE-2024-27202 - BIG-IP TMUI XSS vulnerability
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu…
7.5
CVE-2024-25560 - TMM Vulnerability
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
7.5
CVE-2024-33608 - BIG-IP IPsec vulnerability
When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
7.4
CVE-2024-28883 - BIG-IP APM browser network access VPN client vulnerability
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
6.3
CVE-2024-4654 - BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to SQL injection. It is possible to initiate the attack remotely. T…
9.1
CVE-2024-32113 - Apache OFBiz: Path traversal leading to RCE
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
7.1
CVE-2024-3951 - Cross-site Scripting in PTC Codebeamer
PTC Codebeamer is vulnerable to a cross-site scripting vulnerability that could allow an attacker to inject and execute malicious code.
9.1
CVE-2024-32980 - Spin contains a potential network sandbox escape for specifically configured Spin applications
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header…