Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-04 | CVE-2022-35243 | Improper Privilege Management vulnerability in F5 products In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. | 9.1 |
| 2022-08-04 | CVE-2022-35245 | NULL Pointer Dereference vulnerability in F5 Big-Ip Access Policy Manager In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
| 2022-08-04 | CVE-2022-35272 | Improper Resource Shutdown or Release vulnerability in F5 products In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. | 5.5 |
| 2022-08-04 | CVE-2022-35728 | Insufficient Session Expiration vulnerability in F5 products In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. | 9.8 |
| 2022-08-04 | CVE-2022-35735 | Injection vulnerability in F5 products In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. | 7.2 |
| 2022-07-18 | CVE-2022-34027 | Unspecified vulnerability in F5 NJS 0.7.4 Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | 7.5 |
| 2022-07-18 | CVE-2022-34028 | Unspecified vulnerability in F5 NJS 0.7.5 Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | 7.5 |
| 2022-07-18 | CVE-2022-34029 | Out-of-bounds Read vulnerability in F5 NJS 0.7.4 Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. | 9.1 |
| 2022-07-18 | CVE-2022-34030 | Unspecified vulnerability in F5 NJS 0.7.5 Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. | 7.5 |
| 2022-07-18 | CVE-2022-34031 | Unspecified vulnerability in F5 NJS 0.7.5 Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | 7.5 |