CVE-2022-41622
- EPSS 87.99%
- Veröffentlicht 07.12.2022 04:15:10
- Zuletzt bearbeitet 21.11.2024 07:23:31
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-41770
- EPSS 0.6%
- Veröffentlicht 19.10.2022 22:15:12
- Zuletzt bearbeitet 21.11.2024 07:23:48
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory r...
CVE-2022-35728
- EPSS 0.58%
- Veröffentlicht 04.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:11:33
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token ma...
CVE-2022-34851
- EPSS 0.65%
- Veröffentlicht 04.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:10:18
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to...
CVE-2022-34844
- EPSS 0.63%
- Veröffentlicht 04.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:10:18
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, ...
CVE-2022-29479
- EPSS 0.85%
- Veröffentlicht 05.05.2022 17:15:15
- Zuletzt bearbeitet 21.11.2024 06:59:09
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address ...
CVE-2022-26340
- EPSS 0.44%
- Veröffentlicht 05.05.2022 17:15:11
- Zuletzt bearbeitet 21.11.2024 06:53:46
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and...
CVE-2022-23023
- EPSS 0.9%
- Veröffentlicht 25.01.2022 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:47:49
On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase i...
- EPSS 1.11%
- Veröffentlicht 25.01.2022 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:47:47
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Techni...
CVE-2002-20001
- EPSS 23.06%
- Veröffentlicht 11.11.2021 19:15:07
- Zuletzt bearbeitet 22.08.2025 10:33:16
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ate...