U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:f5:big-ip_domain_name_system:14.1.2.4:*:*:*:*:*:*:*
There are 128 matching records.
Displaying matches 121 through 128.
Vuln ID Summary CVSS Severity
CVE-2020-5912

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.

Published: August 26, 2020; 11:15:12 AM -0400 		V3.1: 7.1 HIGH
 V2.0: 3.6 LOW
CVE-2020-5904

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.

Published: July 01, 2020; 11:15:15 AM -0400 		V3.1: 8.8 HIGH
 V2.0: 6.8 MEDIUM
CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Published: July 01, 2020; 11:15:15 AM -0400 		V3.1: 9.8 CRITICAL
 V2.0: 10.0 HIGH
CVE-2020-5884

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.

Published: April 30, 2020; 5:15:17 PM -0400 		V3.1: 9.1 CRITICAL
 V2.0: 6.4 MEDIUM
CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Published: July 25, 2019; 8:15:11 PM -0400 		V3.1: 9.1 CRITICAL
 V2.0: 6.4 MEDIUM
CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Published: May 23, 2019; 8:29:00 AM -0400 		V3.1: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Published: February 20, 2019; 11:29:00 AM -0500 		V3.1: 6.1 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2018-13405

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

Published: July 06, 2018; 10:29:01 AM -0400 		V3.1: 7.8 HIGH
 V2.0: 4.6 MEDIUM