Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-07 | CVE-2022-41622 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. | 8.8 |
2022-12-07 | CVE-2022-41800 | Command Injection vulnerability in F5 products In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. | 8.7 |
2022-10-28 | CVE-2022-43284 | Unspecified vulnerability in F5 NJS 0.7.2/0.7.3/0.7.4 ** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. | 7.5 |
2022-10-28 | CVE-2022-43285 | Unspecified vulnerability in F5 NJS 0.7.4 ** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. | 7.5 |
2022-10-28 | CVE-2022-43286 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | 9.8 |
2022-10-21 | CVE-2022-3638 | Memory Leak vulnerability in F5 Nginx A vulnerability was found in Nginx and classified as problematic. | 7.5 |
2022-10-19 | CVE-2022-36795 | Incorrect Calculation vulnerability in F5 products In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. | 7.5 |
2022-10-19 | CVE-2022-41617 | Command Injection vulnerability in F5 Big-Ip Application Security Manager In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. | 7.2 |
2022-10-19 | CVE-2022-41624 | Memory Leak vulnerability in F5 products In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. | 7.5 |
2022-10-19 | CVE-2022-41691 | Release of Invalid Pointer or Reference vulnerability in F5 Big-Ip Application Security Manager When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. | 7.5 |