F5: Security Vulnerabilities
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.003
Published
2023-05-03
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-04-09
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-04-09
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
CVSS Score
9.8
EPSS Score
0.038
Published
2023-04-04
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
CVSS Score
9.8
EPSS Score
0.027
Published
2023-04-04
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-03-29
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.01
Published
2023-02-01
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate:
* An OAuth Server that references an OAuth Provider
* An OAuth profile with the Authorization Endpoint set to '/'
* An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
7.5
EPSS Score
0.01
Published
2023-02-01