Vulnerabilities > F5

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2019-11-19 | CVE-2011-4968 | Improper Input Validation vulnerability in multiple products | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | network | high complexity | f5 debian CWE-20 | 4.8 |
| 2019-11-15 | CVE-2019-6664 | Unspecified vulnerability in F5 products | On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. | network | low complexity | f5 | 7.5 |
| 2019-11-15 | CVE-2019-6663 | Improper Input Validation vulnerability in F5 products | The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | local | low complexity | f5 CWE-20 | 5.5 |
| 2019-11-15 | CVE-2019-6662 | Information Exposure Through Log Files vulnerability in F5 products | On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. | network | low complexity | f5 CWE-532 | 6.5 |
| 2019-11-15 | CVE-2019-6661 | Resource Exhaustion vulnerability in F5 Big-Ip Access Policy Manager | When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. | network | low complexity | f5 CWE-400 | 7.5 |
| 2019-11-15 | CVE-2019-6660 | Resource Exhaustion vulnerability in F5 products | On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. | network | low complexity | f5 CWE-400 | 7.5 |
| 2019-11-15 | CVE-2019-6659 | Unspecified vulnerability in F5 products | On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | network | low complexity | f5 | 7.5 |
| 2019-11-14 | CVE-2018-12207 | Improper Input Validation vulnerability in multiple products | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | | | | 6.5 |
| 2019-11-01 | CVE-2019-6658 | SQL Injection vulnerability in F5 Big-Ip Advanced Firewall Manager | On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. | network | low complexity | f5 CWE-89 | 4.3 |
| 2019-11-01 | CVE-2019-6657 | Cross-site Scripting vulnerability in F5 products | On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. | network | low complexity | f5 CWE-79 | 6.1 |