| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-23555 |
665 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
2 |
CVE-2023-23552 |
400 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
3 |
CVE-2023-22842 |
787 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
4 |
CVE-2023-22839 |
476 |
|
|
2023-02-01 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
5 |
CVE-2023-22664 |
400 |
|
|
2023-02-01 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
6 |
CVE-2023-22657 |
77 |
|
|
2023-02-01 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
7 |
CVE-2023-22422 |
120 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
8 |
CVE-2023-22418 |
601 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
9 |
CVE-2023-22374 |
134 |
|
Exec Code |
2023-02-01 |
2023-03-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
10 |
CVE-2023-22358 |
427 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
11 |
CVE-2023-22341 |
476 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
12 |
CVE-2023-22340 |
476 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
13 |
CVE-2023-22326 |
732 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
14 |
CVE-2023-22323 |
770 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
15 |
CVE-2023-22302 |
772 |
|
|
2023-02-01 |
2023-03-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
16 |
CVE-2023-22283 |
427 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
17 |
CVE-2023-22281 |
908 |
|
|
2023-02-01 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
18 |
CVE-2022-43286 |
416 |
|
|
2022-10-28 |
2022-10-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. |
|
19 |
CVE-2022-43285 |
|
|
|
2022-10-28 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. |
|
20 |
CVE-2022-43284 |
|
|
|
2022-10-28 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. |
|
21 |
CVE-2022-41983 |
319 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. |
|
22 |
CVE-2022-41836 |
|
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. |
|
23 |
CVE-2022-41835 |
269 |
|
Exec Code |
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller. |
|
24 |
CVE-2022-41833 |
400 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate. |
|
25 |
CVE-2022-41832 |
401 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. |
|
26 |
CVE-2022-41813 |
20 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. |
|
27 |
CVE-2022-41806 |
400 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. |
|
28 |
CVE-2022-41800 |
77 |
|
Bypass |
2022-12-07 |
2022-12-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
29 |
CVE-2022-41787 |
476 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate. |
|
30 |
CVE-2022-41780 |
22 |
|
Dir. Trav. |
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. |
|
31 |
CVE-2022-41770 |
400 |
|
|
2022-10-19 |
2022-10-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. |
|
32 |
CVE-2022-41743 |
787 |
|
|
2022-10-19 |
2022-10-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. |
|
33 |
CVE-2022-41742 |
787 |
|
|
2022-10-19 |
2023-02-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. |
|
34 |
CVE-2022-41741 |
787 |
|
|
2022-10-19 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. |
|
35 |
CVE-2022-41694 |
20 |
|
|
2022-10-19 |
2022-10-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. |
|
36 |
CVE-2022-41691 |
763 |
|
|
2022-10-19 |
2022-10-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. |
|
37 |
CVE-2022-41624 |
401 |
|
|
2022-10-19 |
2022-10-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. |
|
38 |
CVE-2022-41622 |
352 |
|
CSRF |
2022-12-07 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
39 |
CVE-2022-41617 |
77 |
|
Exec Code |
2022-10-19 |
2022-10-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. |
|
40 |
CVE-2022-38890 |
125 |
|
|
2022-09-15 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h |
|
41 |
CVE-2022-36795 |
682 |
|
|
2022-10-19 |
2022-10-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. |
|
42 |
CVE-2022-35735 |
74 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
43 |
CVE-2022-35728 |
613 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
44 |
CVE-2022-35272 |
404 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
45 |
CVE-2022-35245 |
476 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
46 |
CVE-2022-35243 |
269 |
|
Bypass |
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
47 |
CVE-2022-35241 |
400 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
48 |
CVE-2022-35240 |
404 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
49 |
CVE-2022-35236 |
400 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
50 |
CVE-2022-34865 |
295 |
|
|
2022-08-04 |
2022-08-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
