High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-24	CVE-2019-9075	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-787	7.8
2019-02-24	CVE-2019-9070	Out-of-bounds Read vulnerability in multiple products An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. local low complexity gnu netapp canonical f5 CWE-125	7.8
2019-02-15	CVE-2019-6974	Use After Free vulnerability in multiple products In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. network high complexity linux debian canonical f5 redhat CWE-416	8.1
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2019-01-07	CVE-2018-1320	Improper Certificate Validation vulnerability in multiple products Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. network low complexity apache debian f5 oracle CWE-295	7.5
2019-01-02	CVE-2018-20657	Missing Release of Resource after Effective Lifetime vulnerability in multiple products The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. network low complexity gnu f5 CWE-772	7.5
2018-12-28	CVE-2018-17539	The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. network low complexity f5 ipinfusion	7.5
2018-12-20	CVE-2018-15331	Improper Privilege Management vulnerability in F5 Big-Ip Application Acceleration Manager On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. local low complexity f5 CWE-269	7.8
2018-12-20	CVE-2018-15330	Improper Input Validation vulnerability in F5 products On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. network low complexity f5 CWE-20	7.5
2018-12-20	CVE-2018-15329	Missing Authorization vulnerability in F5 products On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. network low complexity f5 CWE-862	7.2