Vulnerabilities > F5 > BIG IP Fraud Protection Service > 14.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-6669 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.
network
low complexity
f5
7.5
7.5
2019-11-27 CVE-2019-6667 Resource Exhaustion vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.
network
low complexity
f5 CWE-400
7.5
7.5
2019-11-27 CVE-2019-6666 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.
network
low complexity
f5
7.5
7.5
2019-11-15 CVE-2019-6663 Improper Input Validation vulnerability in F5 products
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.
local
low complexity
f5 CWE-20
5.5
5.5
2019-11-15 CVE-2019-6660 Resource Exhaustion vulnerability in F5 products
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
network
low complexity
f5 CWE-400
7.5
7.5
2019-11-15 CVE-2019-6659 Unspecified vulnerability in F5 products
On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.
network
low complexity
f5
7.5
7.5
2019-10-09 CVE-2019-6471 Reachable Assertion vulnerability in multiple products
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
network
high complexity
f5 isc CWE-617
5.9
5.9
2019-10-09 CVE-2018-5743 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time.
network
low complexity
f5 isc CWE-770
7.5
7.5
2019-10-03 CVE-2018-14880 Out-of-bounds Read vulnerability in multiple products
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). 		7.5
7.5
2019-10-03 CVE-2018-14468 Out-of-bounds Read vulnerability in multiple products
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). 		7.5
7.5