CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-33203 – BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203
https://notcve.org/view.php?id=CVE-2022-33203
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3, 15.1.x anteriores a 15.1.6.1 y 14.1.x anteriores a 14.1.5, cuando es configurado una política de acceso de BIG... • https://support.f5.com/csp/article/K52534925 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2022-32455 – TMM vulnerability CVE-2022-32455
https://notcve.org/view.php?id=CVE-2022-32455
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2.2, 15.1.x anteriores a 15.... • https://support.f5.com/csp/article/K16852653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31473 – BIG-IP APM Appliance mode vulnerability CVE-2022-31473
https://notcve.org/view.php?id=CVE-2022-31473
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.1 y 15.1.x anteriores a 15.1.4, cuando es eje... • https://support.f5.com/csp/article/K34893234 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30535 – NGINX Ingress Controller vulnerability CVE-2022-30535
https://notcve.org/view.php?id=CVE-2022-30535
04 Aug 2022 — In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En versiones 2.x anteriores a 2.3.0 y en todas las versiones de 1.x, un atacante autorizado a crear o actualizar objetos de entrada puede obtener los secretos disponibles para el controlador de entrada NGINX. Nota: Las versiones de softwar... • https://support.f5.com/csp/article/K52125139 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34032
https://notcve.org/view.php?id=CVE-2022-34032
18 Jul 2022 — Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Se ha detectado que Nginx NJS versión v0.7.5, contiene una violación de segmentación en la función njs_value_own_enumerate en el archivo src/njs_value.c • https://github.com/nginx/njs/issues/524 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34031
https://notcve.org/view.php?id=CVE-2022-34031
18 Jul 2022 — Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Se ha detectado que Nginx NJS versión v0.7.5, contiene una violación de segmentación por medio de la función njs_value_to_number en el archivo src/njs_value_conversion.h • https://github.com/nginx/njs/issues/523 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34030
https://notcve.org/view.php?id=CVE-2022-34030
18 Jul 2022 — Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Se ha detectado que Nginx NJS versión v0.7.5, contiene una violación de segmentación por medio de la función njs_djb_hash en el archivo src/njs_djb_hash.c • https://github.com/nginx/njs/issues/540 •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34029
https://notcve.org/view.php?id=CVE-2022-34029
18 Jul 2022 — Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Se ha detectado que Nginx NJS versión v0.7.4, contiene una lectura fuera de los límites por medio de la función njs_scope_value en el archivo njs_scope.h • https://github.com/nginx/njs/issues/506 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34028
https://notcve.org/view.php?id=CVE-2022-34028
18 Jul 2022 — Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Se ha detectado que Nginx NJS versión v0.7.5, contiene una violación de segmentación por medio de la función njs_utf8_next en el archivo src/njs_utf8.h • https://github.com/nginx/njs/issues/522 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34027
https://notcve.org/view.php?id=CVE-2022-34027
18 Jul 2022 — Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Se ha detectado que Nginx NJS versión v0.7.4, contiene una violación de segmentación por medio de la función njs_value_property en el archivo njs_value.c • https://github.com/nginx/njs/issues/504 •