CVSS: 4.9EPSS: 0%CPEs: 341EXPL: 0CVE-2022-26835
https://notcve.org/view.php?id=CVE-2022-26835
05 May 2022 — On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Techn... • https://support.f5.com/csp/article/K53197140 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2022-23030
https://notcve.org/view.php?id=CVE-2022-23030
25 Jan 2022 — On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las vers... • https://support.f5.com/csp/article/K53442005 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2022-23019
https://notcve.org/view.php?id=CVE-2022-23019
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4, y to... • https://support.f5.com/csp/article/K82793463 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-23021
https://notcve.org/view.php?id=CVE-2022-23021
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2, cuando cualquiera de las siguientes configuraciones está confi... • https://support.f5.com/csp/article/K57111075 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-23020
https://notcve.org/view.php?id=CVE-2022-23020
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2, cuando el ajuste "Respond on Error" está habilitado en el perfil de registro de peticiones y configurado en un servidor virtual, l... • https://support.f5.com/csp/article/K17514331 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2022-23025
https://notcve.org/view.php?id=CVE-2022-23025
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.1, 15.1.x anteriores a 15.1.4, 14.1.x anteriores a 14.1.4.4 y todas las versiones de la 13.1.x, cuando es configura... • https://support.f5.com/csp/article/K44110411 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2022-23023
https://notcve.org/view.php?id=CVE-2022-23023
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2.1, 15.1.x anteriores a 15.1.5, 14.1.x anteriores a 14.1.4.5, y todas las versiones de 13.1... • https://support.f5.com/csp/article/K11742742 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-23022
https://notcve.org/view.php?id=CVE-2022-23022
25 Jan 2022 — On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.2, cuando es configurado un perfil HTTP en un servidor virtual, las peticiones no reveladas pueden causar una terminación del Microkernel de Administración del Tráfico (TMM). Nota: Las versio... • https://support.f5.com/csp/article/K96924184 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2022-23017
https://notcve.org/view.php?id=CVE-2022-23017
25 Jan 2022 — On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1... • https://support.f5.com/csp/article/K28042514 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-23016
https://notcve.org/view.php?id=CVE-2022-23016
25 Jan 2022 — On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.1.x antes de 16.1.2 y 15.1.x antes de 15.1.4.1, cuando BIG-IP SSL Forward Proxy con TLS versión 1.3 está configurado en un servidor virtual, las peticiones no reveladas pued... • https://support.f5.com/csp/article/K91013510 • CWE-476: NULL Pointer Dereference •