Vulnerabilities > F5 > BIG IP Link Controller > 14.1.2.1.0.0.4

DATE CVE VULNERABILITY TITLE RISK
2019-12-23 CVE-2019-6685 Improper Privilege Management vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.
local
low complexity
f5 CWE-269
4.6
4.6
2019-12-23 CVE-2019-6684 Unspecified vulnerability in F5 products
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades.
network
low complexity
f5
5.0
5.0
2019-12-23 CVE-2019-6683 Resource Exhaustion vulnerability in F5 products
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.
network
f5 CWE-400
4.3
4.3
2019-12-23 CVE-2019-6679 Link Following vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks.
local
low complexity
f5 CWE-59
3.6
3.6
2019-12-23 CVE-2019-6678 Unspecified vulnerability in F5 products
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.
network
f5
4.3
4.3
2019-12-23 CVE-2019-6676 Unspecified vulnerability in F5 products
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.
network
low complexity
f5
5.0
5.0
2019-07-26 CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash netapp redhat oracle f5
critical
 9.1
9.1
2019-05-23 CVE-2019-12295 Uncontrolled Recursion vulnerability in multiple products
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash.
network
low complexity
wireshark debian canonical f5 CWE-674
7.5
7.5
2019-02-20 CVE-2019-8331 Cross-site Scripting vulnerability in multiple products
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
network
low complexity
getbootstrap f5 redhat tenable CWE-79
6.1
6.1
2018-09-06 CVE-2018-5391 Improper Input Validation vulnerability in multiple products
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. 		7.5
7.5