15.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-15	CVE-2019-6664	Unspecified vulnerability in F5 products On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. network low complexity f5	5.0
2019-11-15	CVE-2019-6663	Improper Input Validation vulnerability in F5 products The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. network f5 CWE-20	4.3
2019-11-14	CVE-2018-12207	Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. local low complexity intel debian opensuse fedoraproject canonical f5 redhat oracle CWE-20	6.5
2019-11-01	CVE-2019-6658	SQL Injection vulnerability in F5 Big-Ip Advanced Firewall Manager On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. network low complexity f5 CWE-89	4.0
2019-10-09	CVE-2019-6471	Reachable Assertion vulnerability in multiple products A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. network high complexity f5 isc CWE-617	5.9
2019-10-09	CVE-2018-5743	Allocation of Resources Without Limits or Throttling vulnerability in multiple products By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. network low complexity f5 isc CWE-770	7.5
2019-10-03	CVE-2018-14880	Out-of-bounds Read vulnerability in multiple products The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). network low complexity tcpdump redhat debian opensuse fedoraproject apple f5 CWE-125	7.5
2019-10-03	CVE-2018-14468	Out-of-bounds Read vulnerability in multiple products The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). network low complexity tcpdump redhat debian opensuse fedoraproject apple f5 CWE-125	7.5
2019-09-25	CVE-2019-6651	Information Exposure Through Discrepancy vulnerability in F5 products In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. network low complexity f5 CWE-203	5.3
2019-09-20	CVE-2019-6649	Unspecified vulnerability in F5 products F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. network f5	5.8