Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-21 | CVE-2022-31306 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. | 4.3 |
| 2022-06-21 | CVE-2022-31307 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. | 4.3 |
| 2022-06-21 | CVE-2022-32414 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. | 4.3 |
| 2022-05-25 | CVE-2022-29379 | Out-of-bounds Write vulnerability in F5 NJS 0.7.3 ** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. | 7.5 |
| 2022-05-12 | CVE-2022-29369 | Improper Check for Unusual or Exceptional Conditions vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | 5.0 |
| 2022-05-05 | CVE-2022-1388 | Missing Authentication for Critical Function vulnerability in F5 products On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | 7.5 |
| 2022-05-05 | CVE-2022-1389 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | 4.3 |
| 2022-05-05 | CVE-2022-1468 | Resource Exhaustion vulnerability in F5 products On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. | 4.0 |
| 2022-05-05 | CVE-2022-25946 | Improper Validation of Integrity Check Value vulnerability in F5 products On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. | 4.9 |
| 2022-05-05 | CVE-2022-25990 | Information Exposure vulnerability in F5 F5Os-A 1.0.0 On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. | 5.0 |