Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-41622 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
network
low complexity
f5 CWE-352
8.8
2022-12-07 CVE-2022-41800 Command Injection vulnerability in F5 products
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint.
network
low complexity
f5 CWE-77
8.7
2022-10-28 CVE-2022-43284 Unspecified vulnerability in F5 NJS 0.7.2/0.7.3/0.7.4
** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h.
network
low complexity
f5
7.5
2022-10-28 CVE-2022-43285 Unspecified vulnerability in F5 NJS 0.7.4
** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job.
network
low complexity
f5
7.5
2022-10-28 CVE-2022-43286 Use After Free vulnerability in F5 NJS 0.7.2
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
network
low complexity
f5 CWE-416
critical
9.8
2022-10-21 CVE-2022-3638 Memory Leak vulnerability in F5 Nginx
A vulnerability was found in Nginx and classified as problematic.
network
low complexity
f5 CWE-401
7.5
2022-10-19 CVE-2022-36795 Incorrect Calculation vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
network
low complexity
f5 CWE-682
7.5
2022-10-19 CVE-2022-41617 Command Injection vulnerability in F5 Big-Ip Application Security Manager
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
network
low complexity
f5 CWE-77
7.2
2022-10-19 CVE-2022-41624 Memory Leak vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-401
7.5
2022-10-19 CVE-2022-41691 Release of Invalid Pointer or Reference vulnerability in F5 Big-Ip Application Security Manager
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
network
low complexity
f5 CWE-763
7.5