Vulnerabilities > F5 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-03 | CVE-2023-28656 | Authorization Bypass Through User-Controlled Key vulnerability in F5 products NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.1 |
| 2023-05-03 | CVE-2023-28724 | Incorrect Default Permissions vulnerability in F5 products NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.1 |
| 2023-05-03 | CVE-2023-28742 | OS Command Injection vulnerability in F5 Big-Ip Domain Name System When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.8 |
| 2023-05-03 | CVE-2023-29163 | Memory Leak vulnerability in F5 products When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2023-04-09 | CVE-2023-27727 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10 Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. | 7.5 |
| 2023-04-09 | CVE-2023-27728 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10 Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. | 7.5 |
| 2023-04-09 | CVE-2023-27729 | Unspecified vulnerability in F5 NJS 0.7.10 Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | 7.5 |
| 2023-04-09 | CVE-2023-27730 | Out-of-bounds Read vulnerability in F5 NJS 0.7.10 Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. | 7.5 |
| 2023-02-01 | CVE-2023-22281 | Use of Uninitialized Resource vulnerability in F5 Big-Ip Advanced Firewall Manager On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. | 7.5 |
| 2023-02-01 | CVE-2023-22323 | Allocation of Resources Without Limits or Throttling vulnerability in F5 products In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. | 7.5 |