Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-10 | CVE-2021-23022 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products. On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. | 7.2 |
2021-06-10 | CVE-2021-23023 | Uncontrolled Search Path Element vulnerability in F5 BIG-IP Access Policy Manager. On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. | 6.9 |
2021-06-10 | CVE-2021-23024 | Unspecified vulnerability in F5 BIG-IQ Centralized Management. On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. | 9.0 |
2021-06-06 | CVE-2017-20005 | Integer Overflow or Wraparound vulnerability in multiple products. NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | 7.5 |
2021-06-01 | CVE-2021-23017 | Off-by-one Error vulnerability in multiple products. A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 |
2021-06-01 | CVE-2021-23019 | Insufficiently Protected Credentials vulnerability in F5 NGINX Controller. The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. | 6.9 |
2021-06-01 | CVE-2021-23020 | Use of Insufficiently Random Values vulnerability in F5 NGINX Controller. The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. | 2.1 |
2021-06-01 | CVE-2021-23021 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 NGINX Controller. The NGINX Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. | 2.1 |
2021-06-01 | CVE-2021-23018 | Cleartext Transmission of Sensitive Information vulnerability in F5 NGINX Controller. Intra-cluster communication does not use TLS. | 5.8 |
2021-05-10 | CVE-2021-23009 | Infinite Loop vulnerability in F5 products. On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. | 5.0 |