Vulnerabilities > F5 > BIG IP Policy Enforcement Manager > 14.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-6673 Unspecified vulnerability in F5 products
On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM).
network
f5
4.3
4.3
2019-11-27 CVE-2019-6671 Missing Release of Resource after Effective Lifetime vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.
network
low complexity
f5 CWE-772
5.0
5.0
2019-11-27 CVE-2019-6670 Cleartext Storage of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
local
low complexity
f5 CWE-312
2.1
2.1
2019-11-27 CVE-2019-6669 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.
network
low complexity
f5
5.0
5.0
2019-11-27 CVE-2019-6667 Resource Exhaustion vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.
network
f5 CWE-400
4.3
4.3
2019-11-27 CVE-2019-6666 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.
network
low complexity
f5
5.0
5.0
2019-11-15 CVE-2019-6663 Improper Input Validation vulnerability in F5 products
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.
network
f5 CWE-20
4.3
4.3
2019-11-15 CVE-2019-6660 Resource Exhaustion vulnerability in F5 products
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
network
low complexity
f5 CWE-400
5.0
5.0
2019-11-15 CVE-2019-6659 Unspecified vulnerability in F5 products
On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.
network
low complexity
f5
5.0
5.0
2019-10-09 CVE-2019-6471 Reachable Assertion vulnerability in multiple products
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.
network
high complexity
f5 isc CWE-617
5.9
5.9