Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-41832 Unspecified vulnerability in F5 products
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41833 Unspecified vulnerability in F5 products
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2022-10-19 CVE-2022-41835 Unspecified vulnerability in F5 F5Os-A and F5Os-C
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.
local
low complexity
f5
8.8
2022-10-19 CVE-2022-41836 Unspecified vulnerability in F5 products
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-31473 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps.
network
low complexity
f5
7.7
2022-08-04 CVE-2022-33203 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-34651 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-34655 Use of Uninitialized Resource vulnerability in F5 products
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-908
7.5
2022-08-04 CVE-2022-34844 Unspecified vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2022-08-04 CVE-2022-34862 Infinite Loop vulnerability in F5 products
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-835
7.5