f5

1,024 tracked vulnerabilities.

CVE-2022-23017 HIGH
F5 BIG-IP 13.1.0-13.1.3 - Denial of Service via DNS Profile Rapid Response Mode
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23016 HIGH
BIG-IP 15.1.0-15.1.4 - Denial of Service via TLS 1.3 SSL Forward Proxy
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23015 HIGH
F5 BIG-IP 14.1.2.6-14.1.4.4, 15.1.x < 15.1.4.1, 16.x < 16.1.0 - Uncontrolled Resource Consumption via Client SSL Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-23014 MEDIUM
BIG-IP APM 15.1.0-15.1.4.1 and 16.1.0-16.1.2 - Denial of Service via Portal Access Virtual Server
Jan 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-23013 HIGH
BIG-IP DNS & GTM 11.6.0-11.6.4, 12.1.x, 13.1.x, 14.1.0-14.1.4.3, 15.1.0-15.1.3, 16.0.x - DOM-based Cross-Site Scripting
Jan 25, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-23012 HIGH
F5 BIG-IP 14.1.0-14.1.4.5 - Denial of Service via HTTP/2 Profile
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23011 HIGH
BIG-IP 14.1.0-14.1.2 - Denial of Service via SYN Cookie Protection
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23010 HIGH
F5 BIG-IP 11.6.0-11.6.4 - Memory Exhaustion via FastL4 and HTTP Profile Configuration
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23009 HIGH
BIG-IQ Centralized Management 8.x - Authenticated Incorrect Authorization
Jan 25, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-23008 MEDIUM
F5 NGINX Controller API Management 3.18.0-3.19.0 - Authenticated JavaScript Injection via Undisclosed API Endpoints
Jan 25, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-23055 MEDIUM
NGINX Ingress Controller <2.0.3-1.12.3 - Command Injection
Apr 21, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-3618 HIGH
F5 NGINX < 1.21.0 - Improper Certificate Validation
Mar 23, 2022
CVSS 7.4
EPSS 0.01
CVE-2021-46463 CRITICAL
njs < 0.7.1 - Control Flow Hijack via Type Confusion in njs_promise_perform_then()
Feb 14, 2022
CVSS 9.8
EPSS 0.00
CVE-2021-46462 HIGH
njs < 0.7.1 - Denial of Service via njs_object_set_prototype
Feb 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2021-42717 HIGH
OWASP ModSecurity 2.8.0-2.9.4 and 3.0.0-3.0.5 - Denial of Service via Excessively Nested JSON Objects
Dec 07, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23054 MEDIUM
BIG-IP Access Policy Manager 11.6.1-11.6.4 - Authenticated Reflected Cross-Site Scripting in Resource Information Page
Sep 27, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-40438 CRITICAL KEVNUCLEI
Apache HTTP Server <2.4.48 - SSRF
Sep 16, 2021
CVSS 9.0
EPSS 0.94
CVE-2021-23029 HIGH
F5 BIG-IP Advanced WAF and ASM 16.0.0-16.0.1.1 - Authenticated Server-Side Request Forgery
Sep 14, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-23027 MEDIUM
BIG-IP <16.0.1.2, 15.1.3.1, 14.1.4.3 - XSS
Sep 14, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-23026 HIGH
BIG-IP 13.1.0-13.1.4 - Cross-Site Request Forgery via iControl SOAP
Sep 14, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-23030 HIGH
F5 Big-ip Advanced Web Application Firewall < 12.1.6 - Improper Input Validation
Sep 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23028 HIGH
F5 <16.0.1.2, 15.1.3.1, 14.1.4.2, 13.1.4 - DoS
Sep 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23025 HIGH
BIG-IP <15.1.0.5, <14.1.3.1, <13.1.3.5, <=11.6.x - Authenticated RCE
Sep 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-23036 HIGH
F5 BIG-IP Advanced Web Application Firewall 16.0.0-16.0.1 - Denial of Service via ASM and DataSafe Profile Configuration
Sep 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23031 CRITICAL
F5 BIG-IP Advanced WAF/ASM Privilege Escalation (16.0.1.2/15.1.3/14.1.4.1/13.1.4/12.1.6/11.6.5.3)
Sep 14, 2021
CVSS 9.9
EPSS 0.01
Products
big-ip_access_policy_manager 589 big-ip_application_security_manager 541 big-ip_advanced_firewall_manager 514 big-ip_local_traffic_manager 503 big-ip_policy_enforcement_manager 495 big-ip_link_controller 487 big-ip_application_acceleration_manager 486 big-ip_analytics 473 big-ip_global_traffic_manager 452 big-ip_domain_name_system 429 big-ip_fraud_protection_service 367 big-ip_webaccelerator 259 big-ip_edge_gateway 255 big-ip_advanced_web_application_firewall 155 big-ip_websafe 137 big-ip_ddos_hybrid_defender 127 big-ip_ssl_orchestrator 108 big-iq_centralized_management 77 big-ip_carrier-grade_nat 71 big-ip_application_visibility_and_reporting 70 big-ip_protocol_security_module 61 big-ip_container_ingress_services 48 big-ip_automation_toolchain 47 BIG-IP 46 nginx 41 enterprise_manager 39 njs 39 big-ip_wan_optimization_manager 38 traffix_signaling_delivery_controller 31 ssl_orchestrator 27
Quick Filters
Critical CVEs With Exploits In CISA KEV