Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-03 CVE-2023-28742 Unspecified vulnerability in F5 Big-Ip Domain Name System
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5
8.8
2023-04-09 CVE-2023-27727 Out-of-bounds Read vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
network
low complexity
f5 CWE-125
7.5
2023-04-09 CVE-2023-27728 Out-of-bounds Read vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
network
low complexity
f5 CWE-125
7.5
2023-04-09 CVE-2023-27729 Unspecified vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
network
low complexity
f5
7.5
2023-04-09 CVE-2023-27730 Out-of-bounds Read vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
network
low complexity
f5 CWE-125
7.5
2023-02-01 CVE-2023-22281 Use of Uninitialized Resource vulnerability in F5 Big-Ip Advanced Firewall Manager
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-908
7.5
2023-02-01 CVE-2023-22323 Allocation of Resources Without Limits or Throttling vulnerability in F5 products
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
network
low complexity
f5 CWE-770
7.5
2023-02-01 CVE-2023-22340 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.
network
low complexity
f5 CWE-476
7.5
2023-02-01 CVE-2023-22341 NULL Pointer Dereference vulnerability in F5 Big-Ip Access Policy Manager
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-476
7.5
2023-02-01 CVE-2023-22358 Uncontrolled Search Path Element vulnerability in F5 Big-Ip Access Policy Manager
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.
local
low complexity
f5 CWE-427
7.8