Vulnerabilities > F5 > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-05 CVE-2019-6590 Unspecified vulnerability in F5 Big-Ip Local Traffic Manager
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.
network
high complexity
f5
5.9
2019-02-05 CVE-2019-6591 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
network
low complexity
f5 CWE-79
5.4
2018-12-28 CVE-2018-15335 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server.
network
high complexity
f5
5.9
2018-12-28 CVE-2018-15334 Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Access Policy Manager
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.
network
low complexity
f5 CWE-352
4.3
2018-12-28 CVE-2018-15333 Unrestricted Upload of File with Dangerous Type vulnerability in F5 products
On versions 11.2.1.
local
low complexity
f5 CWE-434
5.5
2018-12-10 CVE-2018-20002 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
local
low complexity
gnu netapp f5 CWE-772
5.5
2018-11-07 CVE-2018-16845 nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
local
low complexity
f5 debian canonical opensuse apple
6.1
2018-10-31 CVE-2018-15325 Resource Exhaustion vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands
network
low complexity
f5 CWE-400
4.3
2018-10-31 CVE-2018-15324 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.
network
high complexity
f5 CWE-20
5.9
2018-10-31 CVE-2018-15323 Improper Input Validation vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.
network
high complexity
f5 CWE-20
5.9