CVE-2019-6665 — CVSS 9.4 (critical): On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and…
CVE-2014-2927 — CVSS 9.3 (critical): The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before…
CVE-2011-3188 — CVSS 9.1 (critical): The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and…
CVE-2019-6642 — CVSS 8.8 (high): In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow…
CVE-2019-6646 — CVSS 8.8 (high): On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run…
CVE-2015-4047 — CVSS 7.8 (high): racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash)…
CVE-2012-1493 — CVSS 7.8 (high): F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise…
CVE-2018-14880 — CVSS 7.5 (high): The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVE-2017-6128 — CVSS 7.5 (high): An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and…
CVE-2018-15328 — CVSS 7.5 (high): On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3…
CVE-2018-5743 — CVSS 7.5 (high): By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections…
CVE-2019-11479 — CVSS 7.5 (high): Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend…
CVE-2018-15329 — CVSS 7.2 (high): On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run…
CVE-2019-6597 — CVSS 7.2 (high): In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated…
CVE-2018-5523 — CVSS 7.2 (high): On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when…
CVE-2018-15327 — CVSS 7.2 (high): In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the…
CVE-2018-12207 — CVSS 6.5 (medium): Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an…
CVE-2018-15322 — CVSS 6.5 (medium): On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1…
CVE-2020-5854 — CVSS 5.9 (medium): On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under…
CVE-2019-6471 — CVSS 5.9 (medium): A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in…
CVE-2019-6663 — CVSS 5.5 (medium): The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0…
CVE-2014-6032 — CVSS 5.5 (medium): Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0…
CVE-2019-19151 — CVSS 5.5 (medium): On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0…
CVE-2016-7469 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics…
CVE-2014-5209 — CVSS 5.3 (medium): An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could…
CVE-2018-15321 — CVSS 4.9 (medium): When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0…
CVE-2018-5540 — CVSS 4.4 (medium): On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management…
CVE-2014-4023 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link…
CVE-2019-6598 — CVSS 4.3 (medium): In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed…
CVE-2014-3959 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link…
CVE-2015-4040 — CVSS 4.0 (medium): Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows…
CVE-2014-4027 — CVSS 2.3 (low): The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a…