From DHS/US-CERT’s National Vulnerability Database CVE-2019-6592
On BIG-IP 14.1.0-188.8.131.52, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the a…
On BIG-IP 11.5.1-184.108.40.206, 220.127.116.11-18.104.22.168, 13.0.0 HF1-22.214.171.124, and 14.0.0-126.96.36.199, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option parameter.