Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2022-43285 Unspecified vulnerability in F5 NJS 0.7.4
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-36795 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41617 Unspecified vulnerability in F5 Big-Ip Application Security Manager
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
network
low complexity
f5
7.2
2022-10-19 CVE-2022-41624 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41691 Unspecified vulnerability in F5 Big-Ip Application Security Manager
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41741 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.8
2022-10-19 CVE-2022-41742 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.1
2022-10-19 CVE-2022-41743 Unspecified vulnerability in F5 Nginx Ingress Controller and Nginx Plus
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file.
local
high complexity
f5
7.0
2022-10-19 CVE-2022-41787 Unspecified vulnerability in F5 Big-Ip Local Traffic Manager
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41806 Resource Exhaustion vulnerability in F5 Big-Ip Advanced Firewall Manager
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5 CWE-400
7.5