f5
1,031 tracked vulnerabilities.
CVE-2022-26835
MEDIUM
F5 BIG-IP Path Traversal in iControl REST and TMOS Shell
May 05, 2022
CVSS 4.9
EPSS 0.02
CVE-2022-26517
MEDIUM
F5 BIG-IP <15.1.5.1, 14.1.4.6, 13.1.5 - DoS
May 05, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-26415
HIGH
F5 BIG-IP 12.1.x-16.1.x - Authenticated Appliance Mode Restriction Bypass via iControl REST Endpoint
May 05, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-26372
HIGH
F5 BIG-IP <15.1.0.2, <14.1.4.6, <13.1.5, <=12.1.x, <=11.6.x - DoS
May 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26370
MEDIUM
F5 BIG-IP <16.1.2.2, 15.1.5, 14.1.4.6 - DoS
May 05, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-26340
MEDIUM
F5 BIG-IP/BIG-IQ Authenticated Certificate and Key File Access via SCP
May 05, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-26130
MEDIUM
F5 BIG-IP <16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5 - DoS
May 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-26071
HIGH
F5 BIG-IP <16.1.2.2, <15.1.5.1, <14.1.4.6, <13.1.5, <=11.6.x - DoS
May 05, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-25990
MEDIUM
F5OS-A 1.0.x - Exposure of Sensitive Information via Registry Ports
May 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25946
HIGH
F5 BIG-IP Advanced WAF, ASM, and GC <9.0 - Auth Bypass
May 05, 2022
CVSS 8.7
EPSS 0.00
CVE-2022-1468
MEDIUM
F5 BIG-IP APM 17.0.x-11.6.x - Authenticated DoS via iControl REST
May 05, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1389
LOW
F5 BIG-IP 11.6.x-16.1.x - Cross-Site Request Forgery in Configuration Utility
May 05, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-1388
CRITICAL
KEVNUCLEI
F5 BIG-IP iControl RCE via REST Authentication Bypass
May 05, 2022
CVSS 9.8
EPSS 1.00
CVE-2022-28049
MEDIUM
NGINX NJS 0.7.2 - NULL Pointer Dereference in njs_vmcode_array
Apr 15, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-27008
HIGH
nginx njs 0.7.2 - Buffer Overflow in Array.prototype.concat()
Apr 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27007
CRITICAL
nginx njs 0.7.2 - Use-After-Free in njs_function_frame_alloc()
Apr 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-25139
CRITICAL
njs < 0.7.2 - Use-After-Free in njs_await_fulfilled
Feb 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-23032
MEDIUM
F5 BIG-IP APM <11.6.5 & Client <7.1.9 DNS Rebinding via Proxy
Jan 25, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23031
MEDIUM
F5 BIG-IP Advanced WAF/ASM/FPS 14.1.0-14.1.4/15.1.0-15.1.4/16.1.0-16.1.1 - Authenticated XML External Entity Injection
Jan 25, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-23030
MEDIUM
F5 BIG-IP 13.1.0-13.1.3, 14.1.0-14.1.4.4, 15.1.0-15.1.4, 16.1.0-16.1.1 - Resource Consumption via ixlv Driver
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23029
MEDIUM
F5 BIG-IP 11.6.1-11.6.5 - Time-of-check Time-of-use Race Condition
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23028
MEDIUM
BIG-IP AFM 13.1.x-16.x - Denial of Service via SYN Cookie Protection
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23027
MEDIUM
F5 BIG-IP 12.1.5.3-12.1.6 - Denial of Service via FastL4 and HTTP/FIX/Hash Persistence Profile Conflict
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23026
MEDIUM
BIG-IP ASM & Advanced WAF 12.1.0-12.1.5 - Authenticated Unrestricted File Upload via REST Endpoint
Jan 25, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23025
HIGH
F5 BIG-IP 13.1.0-13.1.3 - Denial of Service via SIP ALG Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
Products
big-ip_access_policy_manager 628
big-ip_application_security_manager 581
big-ip_advanced_firewall_manager 552
big-ip_local_traffic_manager 541
big-ip_policy_enforcement_manager 533
big-ip_link_controller 525
big-ip_application_acceleration_manager 524
big-ip_analytics 511
big-ip_global_traffic_manager 490
big-ip_domain_name_system 469
big-ip_fraud_protection_service 405
big-ip_webaccelerator 297
big-ip_edge_gateway 293
big-ip_advanced_web_application_firewall 195
big-ip_websafe 175
big-ip_ddos_hybrid_defender 166
big-ip_ssl_orchestrator 147
big-ip_carrier-grade_nat 109
big-ip_application_visibility_and_reporting 108
big-ip_container_ingress_services 86
big-ip_automation_toolchain 85
big-iq_centralized_management 85
big-ip_protocol_security_module 61
BIG-IP 46
nginx 42
njs 40
enterprise_manager 39
big-ip_wan_optimization_manager 38
traffix_signaling_delivery_controller 31
ssl_orchestrator 27
Quick Filters