Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2021-46463 | Type Confusion vulnerability in F5 NJS njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | 7.5 |
| 2022-02-14 | CVE-2022-25139 | Use After Free vulnerability in F5 NJS njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | 7.5 |
| 2022-01-25 | CVE-2022-23008 | Cross-site Scripting vulnerability in F5 Nginx Controller API Management 3.18.0/3.19.0 On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. | 5.4 |
| 2022-01-25 | CVE-2022-23009 | Incorrect Authorization vulnerability in F5 Big-Iq Centralized Management 8.0.0 On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. | 9.0 |
| 2022-01-25 | CVE-2022-23010 | Improper Resource Shutdown or Release vulnerability in F5 products On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. | 7.1 |
| 2022-01-25 | CVE-2022-23011 | Incorrect Calculation vulnerability in F5 products On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. | 5.0 |
| 2022-01-25 | CVE-2022-23012 | Double Free vulnerability in F5 products On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. | 7.1 |
| 2022-01-25 | CVE-2022-23013 | Cross-site Scripting vulnerability in F5 Big-Ip Domain Name System On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. | 4.3 |
| 2022-01-25 | CVE-2022-23014 | Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. | 6.8 |
| 2022-01-25 | CVE-2022-23015 | Resource Exhaustion vulnerability in F5 products On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. | 7.1 |