Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
f5

BIG-IP LTM

20 Versions 13 CVEs

Versions

11.6.0-11.6.3.4

OTHER 1 CVE

12.1.0-12.1.4

OTHER 10 CVEs

14.0.0-14.0.0.4

OTHER 1 CVE

11.6.1-11.6.3.4

OTHER 7 CVEs

11.5.2-11.5.8

OTHER 7 CVEs

13.0.0-13.1.1.4

OTHER 9 CVEs

11.5.2-11.6.5.1

OTHER 1 CVE

11.5.1-11.5.8

OTHER 1 CVE

13.0.0-13.1.1.1

OTHER 1 CVE

14.0.0-14.1.0.1

OTHER 8 CVEs

12.1.0-12.1.5

OTHER 1 CVE

13.1.0-13.1.3.1

OTHER 1 CVE

12.1.x

OTHER 1 CVE

17.0.0

SEMANTIC 1 CVE

17.0.x

OTHER 1 CVE

14.1.x

OTHER 2 CVEs

11.6.x

OTHER 1 CVE

13.1.x

OTHER 2 CVEs

15.1.x

OTHER 2 CVEs

16.1.x

OTHER 2 CVEs

Recent CVEs

CVE-2022-41787

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.

HIGH Oct 19, 2022

CVE-2022-29491

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

HIGH May 05, 2022

CVE-2019-6657

On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

UNKNOWN Nov 01, 2019

CVE-2019-6619

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.

UNKNOWN May 03, 2019

CVE-2019-6617

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.

UNKNOWN May 03, 2019

CVE-2019-6614

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.

UNKNOWN May 03, 2019

CVE-2019-6615

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.

UNKNOWN May 03, 2019

CVE-2019-6612

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart.

UNKNOWN May 03, 2019