Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2019-02-26 CVE-2019-6592 Improper Certificate Validation vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.
network
low complexity
f5 CWE-295
critical
9.1
2019-02-24 CVE-2019-9077 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical f5 CWE-787
7.8
2019-02-24 CVE-2019-9075 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical f5 CWE-787
7.8
2019-02-24 CVE-2019-9070 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32.
local
low complexity
gnu netapp canonical f5 CWE-125
7.8
2019-02-20 CVE-2019-8331 Cross-site Scripting vulnerability in multiple products
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
network
low complexity
getbootstrap f5 redhat tenable CWE-79
6.1
2019-02-15 CVE-2019-6974 Use After Free vulnerability in multiple products
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
network
high complexity
linux debian canonical f5 redhat CWE-416
8.1
2019-02-14 CVE-2019-6589 Cross-site Scripting vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
network
low complexity
f5 CWE-79
6.1
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read.
7.5
2019-02-05 CVE-2019-6590 Unspecified vulnerability in F5 Big-Ip Local Traffic Manager
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.
network
high complexity
f5
5.9
2019-02-05 CVE-2019-6591 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
network
low complexity
f5 CWE-79
5.4