Vulnerabilities > F5

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-27	CVE-2019-1559	Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. network high complexity openssl canonical debian netapp f5 tenable opensuse fedoraproject mcafee redhat oracle paloaltonetworks nodejs CWE-203	5.9
2019-02-26	CVE-2019-6595	Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. network low complexity f5 CWE-79	6.1
2019-02-26	CVE-2019-6594	Infinite Loop vulnerability in F5 products On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances. network high complexity f5 CWE-835	5.9
2019-02-26	CVE-2019-6593	Use of a Broken or Risky Cryptographic Algorithm vulnerability in F5 products On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. network high complexity f5 CWE-327	5.9
2019-02-26	CVE-2019-6592	Improper Certificate Validation vulnerability in F5 products On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. network low complexity f5 CWE-295 critical	9.1
2019-02-24	CVE-2019-9077	Out-of-bounds Write vulnerability in multiple products An issue was discovered in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-787	7.8
2019-02-24	CVE-2019-9075	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-787	7.8
2019-02-24	CVE-2019-9070	Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-125	7.8
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1
2019-02-15	CVE-2019-6974	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. network high complexity linux debian canonical f5 redhat CWE-416	8.1

Vulnerabilities > F5 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"F5"}]}

Vulnerabilities > F5