14.1.2.1.0.83.4

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-19	CVE-2022-41983	Cleartext Transmission of Sensitive Information vulnerability in F5 products On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. network high complexity f5 CWE-319	3.7
2021-11-11	CVE-2002-20001	Resource Exhaustion vulnerability in multiple products The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. network low complexity balasys siemens suse f5 hpe stormshield CWE-400	7.5
2020-04-30	CVE-2020-5883	Missing Release of Resource after Effective Lifetime vulnerability in F5 products On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. network low complexity f5 CWE-772	5.0
2020-01-14	CVE-2020-5852	Unspecified vulnerability in F5 products Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). network low complexity f5	5.0
2019-07-26	CVE-2019-10744	Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. network low complexity lodash netapp redhat oracle f5 critical	9.1
2019-07-01	CVE-2019-13135	Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. network low complexity imagemagick debian canonical f5 CWE-908	8.8
2019-05-23	CVE-2019-12295	Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. network low complexity wireshark debian canonical f5 CWE-674	7.5
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1
2018-09-06	CVE-2018-5391	Improper Input Validation vulnerability in multiple products The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. network low complexity linux redhat debian canonical microsoft f5 siemens CWE-20	7.5
2018-07-06	CVE-2018-13405	Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. local low complexity linux debian canonical fedoraproject redhat f5 CWE-269	7.8