Vulnerabilities > F5

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-06-21 | CVE-2022-31306 | Use After Free vulnerability in F5 NJS 0.7.2 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. | network; f5 CWE-416; 4.3 |
| 2022-06-21 | CVE-2022-31307 | Use After Free vulnerability in F5 NJS 0.7.2 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. | network; f5 CWE-416; 4.3 |
| 2022-06-21 | CVE-2022-32414 | Use After Free vulnerability in F5 NJS 0.7.2 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. | network; f5 CWE-416; 4.3 |
| 2022-05-25 | CVE-2022-29379 | Out-of-bounds Write vulnerability in F5 NJS 0.7.3 | ** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. | network; low complexity; f5 CWE-787; 7.5 |
| 2022-05-12 | CVE-2022-29369 | Improper Check for Unusual or Exceptional Conditions vulnerability in F5 NJS 0.7.2 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | network; low complexity; f5 CWE-754; 5.0 |
| 2022-05-05 | CVE-2022-1388 | Missing Authentication for Critical Function vulnerability in F5 products | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | network; low complexity; f5 CWE-306; 7.5 |
| 2022-05-05 | CVE-2022-1389 | Cross-Site Request Forgery (CSRF) vulnerability in F5 products | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. | network; f5 CWE-352; 4.3 |
| 2022-05-05 | CVE-2022-1468 | Resource Exhaustion vulnerability in F5 products | On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. | network; low complexity; f5 CWE-400; 4.0 |
| 2022-05-05 | CVE-2022-25946 | Improper Validation of Integrity Check Value vulnerability in F5 products | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. | network; f5 CWE-354; 4.9 |
| 2022-05-05 | CVE-2022-25990 | Information Exposure vulnerability in F5 F5OS-A 1.0.0 | On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. | network; low complexity; f5 CWE-200; 5.0 |