Vulnerabilities > F5 > BIG IP Websafe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-11 | CVE-2016-7476 | Improper Input Validation vulnerability in F5 products The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. | 7.5 |
| 2017-05-10 | CVE-2016-9250 | Permissions, Privileges, and Access Controls vulnerability in F5 products In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | 7.5 |
| 2017-05-09 | CVE-2017-6137 | Unspecified vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. | 5.9 |
| 2017-05-09 | CVE-2016-9256 | Race Condition vulnerability in F5 products In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. | 7.5 |
| 2017-05-09 | CVE-2016-9253 | Improper Input Validation vulnerability in F5 products In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | 7.5 |
| 2017-05-09 | CVE-2016-9251 | Permissions, Privileges, and Access Controls vulnerability in F5 products In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | 8.8 |
| 2017-05-01 | CVE-2017-6128 | Unspecified vulnerability in F5 products An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | 7.5 |
| 2017-03-27 | CVE-2016-9252 | Data Processing Errors vulnerability in F5 products The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. | 7.5 |
| 2017-03-27 | CVE-2016-7474 | Information Exposure vulnerability in F5 products In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. | 5.5 |
| 2017-03-07 | CVE-2016-9245 | Improper Access Control vulnerability in F5 products In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. | 5.9 |