Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
2018-12-06 CVE-2018-15332 Race Condition vulnerability in F5 Big-Ip Access Policy Manager
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.
local
high complexity
f5 CWE-362
7.0
2018-11-07 CVE-2018-16845 nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
local
low complexity
f5 debian canonical opensuse apple
6.1
2018-11-07 CVE-2018-16844 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
network
low complexity
f5 debian canonical apple
7.5
2018-11-07 CVE-2018-16843 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption.
network
low complexity
f5 debian canonical opensuse apple
7.5
2018-10-31 CVE-2018-15327 Missing Authorization vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 CWE-862
7.2
2018-10-31 CVE-2018-15326 Improper Certificate Validation vulnerability in F5 Big-Ip Access Policy Manager
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.
network
high complexity
f5 CWE-295
7.5
2018-10-31 CVE-2018-15325 Resource Exhaustion vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands
network
low complexity
f5 CWE-400
4.3
2018-10-31 CVE-2018-15324 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.
network
high complexity
f5 CWE-20
5.9
2018-10-31 CVE-2018-15323 Improper Input Validation vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.
network
high complexity
f5 CWE-20
5.9