Vulnerabilities > F5

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK | TAGS |
|---|---|---|---|---|---|
| 2020-08-26 | CVE-2020-5912 | Unspecified vulnerability in F5 products | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. | local, low complexity, 7.1 | f5 |
| 2020-08-13 | CVE-2020-24349 | Use After Free vulnerability in F5 NJS | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. | local, low complexity, 5.5 | f5, CWE-416 |
| 2020-08-13 | CVE-2020-24348 | Out-of-bounds Read vulnerability in F5 NJS | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | local, low complexity, 5.5 | f5, CWE-125 |
| 2020-08-13 | CVE-2020-24347 | Out-of-bounds Read vulnerability in F5 NJS | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | local, low complexity, 5.5 | f5, CWE-125 |
| 2020-08-13 | CVE-2020-24346 | Use After Free vulnerability in F5 NJS | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | local, low complexity, 7.8 | f5, CWE-416 |
| 2020-07-02 | CVE-2020-5911 | Unspecified vulnerability in F5 NGINX Controller | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems. | network, low complexity, 7.3 | f5 |
| 2020-07-02 | CVE-2020-5910 | Missing Authentication for Critical Function vulnerability in F5 NGINX Controller | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. | network, low complexity, 7.5 | f5, CWE-306 |
| 2020-07-02 | CVE-2020-5909 | Improper Certificate Validation vulnerability in F5 NGINX Controller | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. | network, low complexity, 5.4 | f5, CWE-295 |
| 2020-07-01 | CVE-2020-5908 | Information Exposure Through Log Files vulnerability in F5 BIG-IP Access Policy Manager | In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes the full session ID in the local log files. | local, low complexity, 5.5 | f5, CWE-532 |
| 2020-07-01 | CVE-2020-5907 | Unspecified vulnerability in F5 products | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality. | network, low complexity, 7.2 | f5 |