Vulnerabilities > F5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-19 | CVE-2022-41835 | Improper Privilege Management vulnerability in F5 F5Os-A and F5Os-C In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. | 8.8 |
2022-10-19 | CVE-2022-41836 | Unspecified vulnerability in F5 products When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. | 7.5 |
2022-10-19 | CVE-2022-41983 | Cleartext Transmission of Sensitive Information vulnerability in F5 products On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. | 3.7 |
2022-09-15 | CVE-2022-38890 | Out-of-bounds Read vulnerability in F5 NJS 0.7.7 Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h | 5.5 |
2022-08-04 | CVE-2022-32455 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in F5 products In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
2022-07-18 | CVE-2022-34027 | Unspecified vulnerability in F5 NJS 0.7.4 Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | 7.5 |
2022-06-21 | CVE-2022-31306 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. | 4.3 |
2022-06-21 | CVE-2022-31307 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. | 4.3 |
2022-06-21 | CVE-2022-32414 | Use After Free vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. | 4.3 |
2022-05-25 | CVE-2022-29379 | Out-of-bounds Write vulnerability in F5 NJS 0.7.3 Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. | 9.8 |