Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-28049 | NULL Pointer Dereference vulnerability in F5 NJS 0.7.2 NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | 5.5 |
| 2022-04-14 | CVE-2022-27007 | Use After Free vulnerability in F5 NJS 0.7.2 nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). | 9.8 |
| 2022-04-14 | CVE-2022-27008 | Classic Buffer Overflow vulnerability in F5 NJS 0.7.2 nginx njs 0.7.2 is vulnerable to Buffer Overflow. | 7.5 |
| 2022-03-23 | CVE-2021-3618 | Improper Certificate Validation vulnerability in multiple products ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. | 7.4 |
| 2022-02-14 | CVE-2021-46462 | Unspecified vulnerability in F5 NJS njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | 7.5 |
| 2022-02-14 | CVE-2021-46463 | Type Confusion vulnerability in F5 NJS njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | 9.8 |
| 2022-02-14 | CVE-2022-25139 | Use After Free vulnerability in F5 NJS njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | 9.8 |
| 2022-01-25 | CVE-2022-23008 | Cross-site Scripting vulnerability in F5 Nginx Controller API Management 3.18.0/3.19.0 On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. | 5.4 |
| 2022-01-25 | CVE-2022-23009 | Incorrect Authorization vulnerability in F5 Big-Iq Centralized Management 8.0.0 On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. | 7.2 |
| 2022-01-25 | CVE-2022-23010 | Improper Resource Shutdown or Release vulnerability in F5 products On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. | 7.5 |