Vulnerabilities > F5 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-03 | CVE-2023-28742 | Unspecified vulnerability in F5 BIG-IP Domain Name System. When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.8 |
2023-04-09 | CVE-2023-27727 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10. Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. | 7.5 |
2023-04-09 | CVE-2023-27728 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10. Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. | 7.5 |
2023-04-09 | CVE-2023-27729 | Unspecified vulnerability in F5 NJS 0.7.10. Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | 7.5 |
2023-04-09 | CVE-2023-27730 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10. Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. | 7.5 |
2023-02-01 | CVE-2023-22281 | Use of Uninitialized Resource vulnerability in F5 BIG-IP Advanced Firewall Manager. On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
2023-02-01 | CVE-2023-22323 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products. In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when an OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. | 7.5 |
2023-02-01 | CVE-2023-22340 | NULL Pointer Dereference vulnerability in F5 products. On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. | 7.5 |
2023-02-01 | CVE-2023-22341 | NULL Pointer Dereference vulnerability in F5 BIG-IP Access Policy Manager. On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: (1) an OAuth Server that references an OAuth Provider; (2) an OAuth profile with the Authorization Endpoint set to '/'; (3) an access profile that references the above OAuth profile and is associated with an HTTPS virtual server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
2023-02-01 | CVE-2023-22358 | Uncontrolled Search Path Element vulnerability in F5 BIG-IP Access Policy Manager. In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. | 7.8 |