Vulnerabilities > F5 > BIG IP Advanced Firewall Manager > 14.1.0.6.0.11.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 |
| 2019-11-01 | CVE-2019-6658 | SQL Injection vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | 4.3 |
| 2019-10-03 | CVE-2018-14880 | Out-of-bounds Read vulnerability in multiple products The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). | 7.5 |
| 2019-10-03 | CVE-2018-14468 | Out-of-bounds Read vulnerability in multiple products The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). | 7.5 |
| 2019-09-25 | CVE-2019-6654 | Improper Input Validation vulnerability in F5 products On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). | 4.3 |
| 2019-07-26 | CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. | 9.1 |
| 2019-05-23 | CVE-2019-12295 | Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. | 7.5 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-02-20 | CVE-2019-8331 | Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | 6.1 |
| 2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. | 7.5 |