Lucene search
K

18 matches found

NVD
NVD
added 2026/05/13 4:16 p.m.20 views

CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40633

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description When BIG-IP DNS is provisioned, the 'gtm add' and 'bigip add' iControl REST commands return the ssh-password parameter in cleartext within the iControl REST...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, is related to incorrect session duration settings. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

8.1CVSS7.5AI score0.00457EPSS
Exploits0References4Affected Software18
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.4 views

The vulnerabilities of the BIG-IP Access Policy Manager, as well as the associated software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, are related to memory leak-related errors, allowing attackers to trigger service interruptions.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

7.8CVSS7.3AI score0.00538EPSS
Exploits0References3Affected Software20
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.4 views

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, when running on the BIG-IP TMOS Shel operating system, allow attackers to expose the protected information.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

4.4CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software19
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.6 views

CVE-2022-23013

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

8.8CVSS5.8AI score0.00797EPSS
Exploits0References2
OSV
OSV
added 2021/02/12 6:15 p.m.3 views

CVE-2021-22982

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

7.2CVSS7.5AI score0.00991EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/11 12:0 a.m.4 views

AskF5 BIG-IP Buffer Error Vulnerability

AskF5 BIG-IP is an application from AskF5 USA. Provides Wide Area Traffic Manager GTM provides a smarter way to respond to DNS queries. A buffer error vulnerability exists in BIG-IP DNS and GTM that originates when a network system or product performs an operation in memory without properly...

7.2CVSS7.5AI score0.00991EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/17 12:0 a.m.3 views

F5 BIG-IP DNS/GTM Security Vulnerabilities

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A security vulnerability exists in F5 BIG-IP DNS/GTM, which can be exploited by an attacker to trigger a denial of...

7.5CVSS7.1AI score0.01002EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.28 views

F5 Networks BIG-IP : BIG-IP SNMPD vulnerability (K12139752)

Under certain conditions, the snmpd process may leak memory on a multi-blade BIG-IP Virtual Clustered Multiprocessing vCMP guest when processing authorized SNMP requests. CVE-2019-6608 Impact Over time, the snmpd process consumes excessive memory, forcing the BIG-IP system to slow down and...

7.1CVSS5.9AI score0.01035EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.36 views

F5 Networks BIG-IP : SSL forward proxy vulnerability (K64552448)

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5534 Impact This vulnerability may allow a remote attacker to cause the Traffic Management Microkernel TMM to produc...

7.5CVSS7.4AI score0.01782EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/10/24 12:0 a.m.133 views

F5 Networks BIG-IP : Linux kernel vulnerability (K81211720)

The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via vectors involving a TCP packet with the URG flag. CVE-2017-6214 C Tenable Network Security, Inc. The descriptive text and package...

7.5CVSS7AI score0.04666EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/12/21 12:0 a.m.39 views

F5 Networks BIG-IP : libxml2 vulnerability (K14338030)

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document. CVE-2016-1762 File data f5bigipSOL14338030.nasl...

8.1CVSS8.2AI score0.06466EPSS
Exploits1References2
CNVD
CNVD
added 2016/06/13 12:0 a.m.3 views

Multiple F5 BIG-IP product lifting vulnerabilities

F5 BIG-IP LTM, etc. are all products of F5 Corporation in the U.S. LTM is a local traffic manager; GTM is a wide-area traffic manager; and WebAccelerator is an application gas pedal. A power-lifting vulnerability exists in several F5 BIG-IP products, which can be exploited by attackers to modify...

9CVSS6.6AI score0.03428EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/04/14 12:0 a.m.4 views

The vulnerability of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IQ ADC, BIG-IQ Cloud, and BIG-IQ Device – these tools’ access control and remote authentication mechanisms can be exploited by attackers, leading to service interruptions.

The vulnerability of the virtual server component of the access control and remote authentication solution, BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security...

7.8CVSS5.5AI score0.01908EPSS
Exploits0References3Affected Software12
Tenable Nessus
Tenable Nessus
added 2014/11/28 12:0 a.m.46 views

F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)

The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to...

10CVSS5.7AI score0.14323EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.25 views

F5 Networks BIG-IP : XSS vulnerability viewing logs from the Console section of the web management interface (SOL8599)

The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL8599. The text description of this plugin is C F5 Networks...

6.8CVSS5.4AI score0.02423EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.55 views

F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. C Tenable Network Security, Inc. The...

5CVSS6.3AI score0.35584EPSS
Exploits1References3
Rows per page
Query Builder