Lucene search

K
F5Big-ip Edge Gateway

213 matches found

CVE
CVE
added 2020/04/30 9:15 p.m.39 views

CVE-2020-5882

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.

7.5CVSS7.4AI score0.00647EPSS
CVE
CVE
added 2018/03/22 6:29 p.m.38 views

CVE-2018-5504

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or ...

9.3CVSS8.4AI score0.03251EPSS
CVE
CVE
added 2018/04/13 1:29 p.m.38 views

CVE-2018-5507

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.

7.5CVSS7.5AI score0.00537EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.38 views

CVE-2018-5519

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allo...

5.5CVSS5.2AI score0.00197EPSS
CVE
CVE
added 2018/07/25 2:29 p.m.38 views

CVE-2018-5542

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.

8.1CVSS8.1AI score0.00837EPSS
CVE
CVE
added 2019/11/27 10:15 p.m.38 views

CVE-2019-6671

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.

7.5CVSS7.4AI score0.00891EPSS
CVE
CVE
added 2015/09/18 2:59 p.m.37 views

CVE-2015-4638

The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a d...

5CVSS6.6AI score0.00725EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.37 views

CVE-2018-5520

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

4.4CVSS4.9AI score0.002EPSS
CVE
CVE
added 2020/08/26 3:15 p.m.37 views

CVE-2020-5915

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.

6.1CVSS5.9AI score0.00398EPSS
CVE
CVE
added 2018/07/25 2:29 p.m.36 views

CVE-2018-5537

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.

5.3CVSS5.2AI score0.0069EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.36 views

CVE-2019-6678

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.

5.3CVSS5.3AI score0.00868EPSS
CVE
CVE
added 2020/11/05 8:15 p.m.36 views

CVE-2020-5940

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

5.4CVSS5.2AI score0.0028EPSS
CVE
CVE
added 2018/05/02 1:29 p.m.34 views

CVE-2018-5514

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

7.5CVSS7.4AI score0.03171EPSS
Total number of security vulnerabilities213