Vulnerabilities > F5 > BIG IP Global Traffic Manager > Low

DATE CVE VULNERABILITY TITLE RISK
2022-10-19 CVE-2022-41983 Unspecified vulnerability in F5 products
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
network
high complexity
f5
3.7
2019-12-23 CVE-2019-6679 Link Following vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks.
local
low complexity
f5 CWE-59
3.3
2018-07-25 CVE-2018-5538 Unspecified vulnerability in F5 products
On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".
network
high complexity
f5
3.7