f5 iworkflow · threatengine.sh

CVE-2020-5854

all versions

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes un

5.9MEDIUM

CVE-2014-5209

>= 2.0.0 and <= 2.3.0

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, whi

5.3MEDIUM

CVE-2019-19151

all versions

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0

5.5MEDIUM

CVE-2019-6665

all versions

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and

9.4CRITICAL

CVE-2019-6663

all versions

The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2

5.5MEDIUM

CVE-2019-6471

all versions

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure i

5.9MEDIUM

CVE-2018-5743

all versions

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed conn

7.5HIGH

CVE-2018-14880

all versions

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7.5HIGH

CVE-2018-14468

all versions

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

7.5HIGH

CVE-2019-6651

all versions

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2

5.3MEDIUM

CVE-2019-10744

all versions

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into addin

9.1CRITICAL

CVE-2019-6642

all versions

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkf

8.8HIGH

CVE-2019-11479

all versions

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP

7.5HIGH

CVE-2018-15328

>= 2.2.0 and <= 2.3.0

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for

7.5HIGH

CVE-2018-15322

>= 2.0.1 and <= 2.3.0

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.

6.5MEDIUM

CVE-2018-15321

>= 2.1.0 and <= 2.3.0

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.

4.9MEDIUM

CVE-2018-14634

>= 2.2.0 and <= 2.3.0

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to S

7.8HIGH

CVE-2018-5540

>= 2.1.0 and <= 2.3.0

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Manag

4.4MEDIUM

CVE-2018-5516

>= 2.0.2 and <= 2.3.0

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4

4.7MEDIUM

CVE-2017-6128

all versions

An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG

7.5HIGH

CVE-2016-5022

all versions

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.

9.8CRITICAL