Vulnerabilities > F5 > BIG IP Domain Name System

DATE CVE VULNERABILITY TITLE RISK
2019-12-23 CVE-2019-6684 Unspecified vulnerability in F5 products
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades.
network
low complexity
f5
7.5
2019-12-23 CVE-2019-6683 Resource Exhaustion vulnerability in F5 products
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.
network
low complexity
f5 CWE-400
7.5
2019-12-23 CVE-2019-6680 Unspecified vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.
network
low complexity
f5
7.5
2019-12-23 CVE-2019-6679 Link Following vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks.
local
low complexity
f5 CWE-59
3.3
2019-12-23 CVE-2019-6678 Unspecified vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.
network
low complexity
f5
5.3
2019-12-23 CVE-2019-6677 Unspecified vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.
network
low complexity
f5
7.5
2019-12-23 CVE-2019-6676 Unspecified vulnerability in F5 products
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.
network
low complexity
f5
7.5
2019-12-18 CVE-2019-11109 Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.
local
low complexity
intel f5
4.4
2019-11-27 CVE-2019-6671 Memory Leak vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.
network
low complexity
f5 CWE-401
7.5
2019-11-27 CVE-2019-6670 Cleartext Storage of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
local
low complexity
f5 CWE-312
4.4