f5

1,031 tracked vulnerabilities.

CVE-2022-26835 MEDIUM
F5 BIG-IP Path Traversal in iControl REST and TMOS Shell
May 05, 2022
CVSS 4.9
EPSS 0.02
CVE-2022-26517 MEDIUM
F5 BIG-IP <15.1.5.1, 14.1.4.6, 13.1.5 - DoS
May 05, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-26415 HIGH
F5 BIG-IP 12.1.x-16.1.x - Authenticated Appliance Mode Restriction Bypass via iControl REST Endpoint
May 05, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-26372 HIGH
F5 BIG-IP <15.1.0.2, <14.1.4.6, <13.1.5, <=12.1.x, <=11.6.x - DoS
May 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26370 MEDIUM
F5 BIG-IP <16.1.2.2, 15.1.5, 14.1.4.6 - DoS
May 05, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-26340 MEDIUM
F5 BIG-IP/BIG-IQ Authenticated Certificate and Key File Access via SCP
May 05, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-26130 MEDIUM
F5 BIG-IP <16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5 - DoS
May 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-26071 HIGH
F5 BIG-IP <16.1.2.2, <15.1.5.1, <14.1.4.6, <13.1.5, <=11.6.x - DoS
May 05, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-25990 MEDIUM
F5OS-A 1.0.x - Exposure of Sensitive Information via Registry Ports
May 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25946 HIGH
F5 BIG-IP Advanced WAF, ASM, and GC <9.0 - Auth Bypass
May 05, 2022
CVSS 8.7
EPSS 0.00
CVE-2022-1468 MEDIUM
F5 BIG-IP APM 17.0.x-11.6.x - Authenticated DoS via iControl REST
May 05, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1389 LOW
F5 BIG-IP 11.6.x-16.1.x - Cross-Site Request Forgery in Configuration Utility
May 05, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-1388 CRITICAL KEVNUCLEI
F5 BIG-IP iControl RCE via REST Authentication Bypass
May 05, 2022
CVSS 9.8
EPSS 1.00
CVE-2022-28049 MEDIUM
NGINX NJS 0.7.2 - NULL Pointer Dereference in njs_vmcode_array
Apr 15, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-27008 HIGH
nginx njs 0.7.2 - Buffer Overflow in Array.prototype.concat()
Apr 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27007 CRITICAL
nginx njs 0.7.2 - Use-After-Free in njs_function_frame_alloc()
Apr 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-25139 CRITICAL
njs < 0.7.2 - Use-After-Free in njs_await_fulfilled
Feb 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-23032 MEDIUM
F5 BIG-IP APM <11.6.5 & Client <7.1.9 DNS Rebinding via Proxy
Jan 25, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23031 MEDIUM
F5 BIG-IP Advanced WAF/ASM/FPS 14.1.0-14.1.4/15.1.0-15.1.4/16.1.0-16.1.1 - Authenticated XML External Entity Injection
Jan 25, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-23030 MEDIUM
F5 BIG-IP 13.1.0-13.1.3, 14.1.0-14.1.4.4, 15.1.0-15.1.4, 16.1.0-16.1.1 - Resource Consumption via ixlv Driver
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23029 MEDIUM
F5 BIG-IP 11.6.1-11.6.5 - Time-of-check Time-of-use Race Condition
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23028 MEDIUM
BIG-IP AFM 13.1.x-16.x - Denial of Service via SYN Cookie Protection
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23027 MEDIUM
F5 BIG-IP 12.1.5.3-12.1.6 - Denial of Service via FastL4 and HTTP/FIX/Hash Persistence Profile Conflict
Jan 25, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23026 MEDIUM
BIG-IP ASM & Advanced WAF 12.1.0-12.1.5 - Authenticated Unrestricted File Upload via REST Endpoint
Jan 25, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23025 HIGH
F5 BIG-IP 13.1.0-13.1.3 - Denial of Service via SIP ALG Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01