Vulnerabilities > F5 > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-31306 Use After Free vulnerability in F5 NJS 0.7.2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
local
low complexity
f5 CWE-416
5.5
2022-06-21 CVE-2022-31307 Use After Free vulnerability in F5 NJS 0.7.2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
local
low complexity
f5 CWE-416
5.5
2022-06-21 CVE-2022-32414 Use After Free vulnerability in F5 NJS 0.7.2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
local
low complexity
f5 CWE-416
5.5
2022-05-05 CVE-2022-1389 Unspecified vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
network
low complexity
f5
4.3
2022-05-05 CVE-2022-1468 Unspecified vulnerability in F5 products
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests.
network
low complexity
f5
4.3
2022-05-05 CVE-2022-25946 Unspecified vulnerability in F5 products
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
network
low complexity
f5
6.5
2022-05-05 CVE-2022-25990 Unspecified vulnerability in F5 F5Os-A 1.0.0
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally.
network
low complexity
f5
5.3
2022-05-05 CVE-2022-26130 Unspecified vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections.
network
low complexity
f5
5.3
2022-05-05 CVE-2022-26340 Unspecified vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system.
network
low complexity
f5
4.9
2022-05-05 CVE-2022-26835 Unspecified vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files.
network
low complexity
f5
4.9