15.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-15	CVE-2019-6663	Improper Input Validation vulnerability in F5 products The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. local low complexity f5 CWE-20	5.5
2019-11-14	CVE-2018-12207	Improper Input Validation vulnerability in multiple products Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. local low complexity intel debian opensuse fedoraproject canonical f5 redhat oracle CWE-20	6.5
2019-10-09	CVE-2019-6471	Reachable Assertion vulnerability in multiple products A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. network high complexity f5 isc CWE-617	5.9
2019-10-09	CVE-2018-5743	Allocation of Resources Without Limits or Throttling vulnerability in multiple products By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. network low complexity f5 isc CWE-770	7.5
2019-10-03	CVE-2018-14880	Out-of-bounds Read vulnerability in multiple products The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). network low complexity tcpdump redhat debian opensuse fedoraproject apple f5 CWE-125	7.5
2019-10-03	CVE-2018-14468	Out-of-bounds Read vulnerability in multiple products The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). network low complexity tcpdump redhat debian opensuse fedoraproject apple f5 CWE-125	7.5
2019-09-25	CVE-2019-6651	Information Exposure Through Discrepancy vulnerability in F5 products In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. network low complexity f5 CWE-203	5.3
2019-09-20	CVE-2019-6649	Unspecified vulnerability in F5 products F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. network low complexity f5 critical	9.1
2019-08-13	CVE-2019-9515	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5