Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-19 | CVE-2022-41983 | Unspecified vulnerability in F5 products On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. | 3.7 |
| 2022-09-15 | CVE-2022-38890 | Out-of-bounds Read vulnerability in F5 NJS 0.7.7 Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h | 5.5 |
| 2022-08-04 | CVE-2022-30535 | Unspecified vulnerability in F5 Nginx Ingress Controller In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. | 6.5 |
| 2022-08-04 | CVE-2022-31473 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. | 7.7 |
| 2022-08-04 | CVE-2022-33203 | Unspecified vulnerability in F5 Big-Ip Access Policy Manager In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. | 7.5 |
| 2022-08-04 | CVE-2022-33947 | Deserialization of Untrusted Data vulnerability in F5 Big-Ip Domain Name System In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. | 6.5 |
| 2022-08-04 | CVE-2022-33962 | Unspecified vulnerability in F5 products In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. | 6.7 |
| 2022-08-04 | CVE-2022-33968 | Unspecified vulnerability in F5 products In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. | 4.9 |
| 2022-08-04 | CVE-2022-34651 | Unspecified vulnerability in F5 products In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
| 2022-08-04 | CVE-2022-34655 | Use of Uninitialized Resource vulnerability in F5 products In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. | 7.5 |