The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-45468 - Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account.
    Published: May 22, 2025; 12:15:54 PM -0400

  • CVE-2025-61974 - When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Published: October 15, 2025; 10:15:57 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-61960 - When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) ... read CVE-2025-61960
    Published: October 15, 2025; 10:15:57 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-61958 - A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a succes... read CVE-2025-61958
    Published: October 15, 2025; 10:15:57 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2025-61955 - A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which ... read CVE-2025-61955
    Published: October 15, 2025; 10:15:56 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-61951 - Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificat... read CVE-2025-61951
    Published: October 15, 2025; 10:15:56 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-61938 - When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can termin... read CVE-2025-61938
    Published: October 15, 2025; 10:15:56 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-36632 - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
    Published: June 16, 2025; 10:15:21 AM -0400

  • CVE-2025-53521 - When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Published: October 15, 2025; 10:15:48 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-53856 - When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (T... read CVE-2025-53856
    Published: October 15, 2025; 10:15:48 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-54805 - When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have ... read CVE-2025-54805
    Published: October 15, 2025; 10:15:49 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-54858 - When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate... read CVE-2025-54858
    Published: October 15, 2025; 10:15:50 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-55036 - When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (... read CVE-2025-55036
    Published: October 15, 2025; 10:15:51 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-46158 - An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall
    Published: June 20, 2025; 2:15:28 PM -0400

  • CVE-2025-10556 - A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's... read CVE-2025-10556
    Published: October 13, 2025; 4:15:39 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-54854 - When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS)... read CVE-2025-54854
    Published: October 15, 2025; 10:15:50 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-10557 - A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in use... read CVE-2025-10557
    Published: October 13, 2025; 4:15:39 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-54755 - A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Published: October 15, 2025; 10:15:49 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2025-54479 - When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Su... read CVE-2025-54479
    Published: October 15, 2025; 10:15:49 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-53868 - When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Suppo... read CVE-2025-53868
    Published: October 15, 2025; 10:15:48 AM -0400

    V3.1: 9.1 CRITICAL

Created September 20, 2022, Updated August 27, 2024
