Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-09 CVE-2023-27728 Out-of-bounds Read vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
network
low complexity
f5 CWE-125
7.5
2023-04-09 CVE-2023-27729 Unspecified vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
network
low complexity
f5
7.5
2023-04-09 CVE-2023-27730 Out-of-bounds Read vulnerability in F5 NJS 0.7.10
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
network
low complexity
f5 CWE-125
7.5
2023-02-01 CVE-2023-22281 Use of Uninitialized Resource vulnerability in F5 Big-Ip Advanced Firewall Manager
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-908
7.5
2023-02-01 CVE-2023-22323 Allocation of Resources Without Limits or Throttling vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when an OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
network
low complexity
f5 CWE-770
7.5
2023-02-01 CVE-2023-22340 NULL Pointer Dereference vulnerability in F5 products
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate.
network
low complexity
f5 CWE-476
7.5
2023-02-01 CVE-2023-22341 NULL Pointer Dereference vulnerability in F5 Big-Ip Access Policy Manager
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:
* An OAuth Server that references an OAuth Provider
* An OAuth profile with the Authorization Endpoint set to '/'
* An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-476
7.5
2023-02-01 CVE-2023-22358 Uncontrolled Search Path Element vulnerability in F5 Big-Ip Access Policy Manager
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.
local
low complexity
f5 CWE-427
7.8
2023-02-01 CVE-2023-22374 Use of Externally-Controlled Format String vulnerability in F5 products
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code.
network
high complexity
f5 CWE-134
8.5
2023-02-01 CVE-2023-22422 Classic Buffer Overflow vulnerability in F5 products
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when an HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-120
7.5