Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-41835 Improper Privilege Management vulnerability in F5 F5OS-A and F5OS-C
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller.
local
low complexity
f5 CWE-269
8.8
2022-10-19 CVE-2022-41836 Unspecified vulnerability in F5 products
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41983 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher are in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
network
high complexity
f5 CWE-319
3.7
2022-09-15 CVE-2022-38890 Out-of-bounds Read vulnerability in F5 NJS 0.7.7
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
local
low complexity
f5 CWE-125
5.5
2022-08-04 CVE-2022-30535 Improper Input Validation vulnerability in F5 NGINX Ingress Controller
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller.
network
low complexity
f5 CWE-20
6.5
2022-08-04 CVE-2022-31473 Path Traversal vulnerability in F5 BIG-IP Access Policy Manager 15.1.0.2/16.1.0
In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps.
network
low complexity
f5 CWE-22
7.7
2022-08-04 CVE-2022-32455 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-119
7.5
2022-08-04 CVE-2022-33203 Resource Exhaustion vulnerability in F5 BIG-IP Access Policy Manager
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5
2022-08-04 CVE-2022-33947 Deserialization of Untrusted Data vulnerability in F5 BIG-IP Domain Name System
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests.
network
low complexity
f5 CWE-502
6.5
2022-08-04 CVE-2022-33962 Improper Privilege Management vulnerability in F5 products
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings.
local
low complexity
f5 CWE-269
6.7