Lucene search
K
F5Big-ip Global Traffic Manager

489 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5308 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2022/05/05 4:18 p.m.3902 views

CVE-2022-1388

CVE-2022-1388 affects F5 BIG-IP iControl REST authentication. Affected: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; and all 12.1.x and 11.6.x. Root cause per CNVD/CISA: authentication bypass via iControl REST, enabling unauthenticated acces...

9.8CVSS9.7AI score0.99956EPSS
In wildWeb
CVE
CVE
added 2014/09/24 6:0 p.m.2915 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2023/08/02 3:55 p.m.2530 views

CVE-2023-38419

CVE-2023-38419 affects F5 BIG-IP and BIG-IQ iControl SOAP. An authenticated attacker with guest or higher privileges can cause the iControl SOAP daemon to terminate/cease responding by sending undisclosed requests (DoS). Affected branches and fixes include: BIG-IP 17.x vulnerable (versions 17.0.0...

4.3CVSS4.8AI score0.00453EPSS
CVE
CVE
added 2020/07/01 12:0 a.m.2019 views

CVE-2020-5902

CVE-2020-5902 is an unauthenticated RCE in F5 BIG-IP TMUI (Traffic Management User Interface). The root cause is a path traversal/authentication bypass flaw in TMUI that allows remote attackers to trigger arbitrary code execution on vulnerable BIG-IP devices. Affected versions include multiple 11...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/02/20 4:0 p.m.1556 views

CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

6.1CVSS5.8AI score0.1686EPSS
CVE
CVE
added 2014/09/25 1:0 a.m.1333 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2021/03/31 2:4 p.m.1290 views

CVE-2021-22986

CVE-2021-22986 affects F5 BIG-IP iControl REST, allowing unauthenticated remote command execution. Affected software ranges include BIG-IP 16.0.0–16.0.1 (before 16.0.1.1), 15.1.x (before 15.1.2.1), 14.1.x (before 14.1.4), 13.1.x (before 13.1.3.6), 12.1.x (before 12.1.5.3), and BIG-IQ 7.1.0.x (bef...

10CVSS9.7AI score0.99898EPSS
In wildWeb
CVE
CVE
added 2021/03/31 5:23 p.m.1074 views

CVE-2021-22991

CVE-2021-22991 affects BIG-IP Traffic Management Microkernel (TMM) URI normalization, where undisclosed requests to a virtual server may trigger a buffer overflow in TMM. This can cause a DoS and, in some scenarios, bypass URL-based access controls or enable remote code execution. The issue impac...

9.8CVSS9.7AI score0.61064EPSS
In wildWeb
CVE
CVE
added 2012/05/24 11:0 p.m.973 views

CVE-2011-3188

CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...

9.1CVSS8.7AI score0.05798EPSS
CVE
CVE
added 2019/07/25 11:43 p.m.959 views

CVE-2019-10744

CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a base3.1 score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...

9.1CVSS8.9AI score0.05006EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.926 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2019/06/18 11:34 p.m.795 views

CVE-2019-11477

CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...

7.8CVSS7.5AI score0.98745EPSS
CVE
CVE
added 2018/09/06 9:0 p.m.724 views

CVE-2018-5391

CVE-2018-5391 affects the Linux kernel (3.9+) via FragmentSmack: IP fragment reassembly can be exploited to exhaust CPU and cause DoS. Citrix/Arista/CentOS advisories describe affected products and kernel updates; CentOS/RH advisories list patched versions and note the vulnerability stems from fr...

7.8CVSS7.7AI score0.24575EPSS
In wild
CVE
CVE
added 2018/07/06 2:0 p.m.659 views

CVE-2018-13405

CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a writably user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...

7.8CVSS6.5AI score0.0101EPSS
Web
CVE
CVE
added 2019/06/18 11:34 p.m.654 views

CVE-2019-11479

The CVE-2019-11479 family (SACK/MSS issues on the Linux kernel) stems from a hard-coded MSS of 48 bytes, enabling remote DoS via fragmented TCP handling. Public docs list CVE-2019-11477 (SACK Panic), CVE-2019-11478 (SACK Slowness/Excess Resource Usage), and CVE-2019-11479 (Low MSS) with kernel-wi...

7.5CVSS7.3AI score0.9166EPSS
CVE
CVE
added 2019/06/18 11:34 p.m.627 views

CVE-2019-11478

CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...

7.5CVSS6.4AI score0.94686EPSS
CVE
CVE
added 2014/05/07 10:0 a.m.609 views

CVE-2014-0196

CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...

6.9CVSS6.3AI score0.22475EPSS
In wild
CVE
CVE
added 2023/10/26 8:4 p.m.585 views

CVE-2023-46747

CVE-2023-46747 is an unauthenticated remote code execution flaw in F5 BIG-IP TMUI (management port/self IP). Public linked PoCs/exploits demonstrate unauthenticated RCE by targeting TMUI to create or leverage a user/token flow and execute commands on vulnerable devices; CVSS v3.1 = 9.8 (CRITICAL)...

9.8CVSS9.9AI score0.96515EPSS
In wildWeb
CVE
CVE
added 2019/11/14 7:8 p.m.569 views

CVE-2018-12207

CVE-2018-12207 describes an issue where improper invalidation of page-table updates by a privileged guest can cause a Denial of Service on the host on Intel processors. The vulnerability stems from how the guest VM handles translations in the MMU/TLB when paging structures change, potentially exp...

6.5CVSS7AI score0.00915EPSS
CVE
CVE
added 2019/02/15 3:0 p.m.565 views

CVE-2019-6974

CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...

8.1CVSS7.7AI score0.16523EPSS
CVE
CVE
added 2022/05/05 4:45 p.m.553 views

CVE-2022-29474

Summary of CVE-2022-29474 (F5 BIG-IP iControl SOAP directory traversal) Vulnerability: A directory traversal in iControl SOAP allows an authenticated user with at least guest privileges to read wsdl files from the BIG-IP filesystem. Affected products/versions (as cited by multiple sources): BIG-I...

4.3CVSS4.7AI score0.01469EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.524 views

CVE-2018-5743

CVE-2018-5743 affects BIND in multiple releases (notably 9.9.0–9.14.0, including some 9.11/9.13 branches). The flaw allows the named process to exceed its configured limit on simultaneous TCP connections, risking exhaustion of file descriptors and potentially affecting associated log/zone file ma...

7.5CVSS7.7AI score0.06404EPSS
CVE
CVE
added 2022/10/19 9:24 p.m.524 views

CVE-2022-41832

CVE-2022-41832 (BIG-IP SIP profile vulnerability) affects BIG-IP products with a SIP profile on a virtual server, where undisclosed SIP messages can drive memory resource usage up, potentially causing DoS. Affected versions and fixed releases per F5 advisory K10347453: vulnerable on BIG-IP 17.0.x...

7.5CVSS7.6AI score0.00616EPSS
CVE
CVE
added 2018/08/06 8:0 p.m.497 views

CVE-2018-5390

CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...

7.8CVSS7.5AI score0.7354EPSS
CVE
CVE
added 2018/09/25 9:0 p.m.465 views

CVE-2018-14634

CVE-2018-14634 is a Linux kernel integer overflow vulnerability in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could escalate privileges. Documented vulnerable kernel families include 2.6.x, 3.10.x, and 4.14.x. Mitigations/recognitions ex...

7.8CVSS7.3AI score0.14806EPSS
In wild
CVE
CVE
added 2012/10/17 12:0 a.m.420 views

CVE-2012-3163

CVE-2012-3163 affects the MySQL Server component in Oracle MySQL 5.1.64 and earlier and 5.5.26 and earlier. It is described as an unspecified vulnerability that remote authenticated users can exploit via unknown vectors related to Information Schema, impacting confidentiality, integrity, and avai...

9CVSS4.2AI score0.05096EPSS
CVE
CVE
added 2021/11/11 12:0 a.m.405 views

CVE-2002-20001

CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...

7.5CVSS7.3AI score0.23061EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.400 views

CVE-2019-6471

CVE-2019-6471 is a race-condition vulnerability in ISC BIND where discarding malformed packets can trigger a REQUIRE assertion failure in dispatch.c, causing named to exit and produce a DoS. Affected versions include BIND 9.11.0–9.11.7, 9.12.0–9.12.4-P1, 9.14.0–9.14.2, all 9.13 development releas...

5.9CVSS5.8AI score0.03271EPSS
CVE
CVE
added 2022/08/04 5:47 p.m.386 views

CVE-2022-34851

CVE-2022-34851 affects BIG-IP and BIG-IQ iControl SOAP. An authenticated attacker may render iControl SOAP unavailable via undisclosed requests. Affected versions include BIG-IP 13.1.x, 14.1.x < 14.1.5.1, 15.1.x < 15.1.6.1, 16.1.x < 16.1.3.1, 17.0.x

6.5CVSS5.5AI score0.00658EPSS
CVE
CVE
added 2023/10/26 8:5 p.m.366 views

CVE-2023-46748

CVE-2023-46748 is an authenticated SQL injection vulnerability in F5 BIG-IP’s Configuration utility. An attacker with network access via the BIG-IP management port and/or self IPs can execute arbitrary system commands through the vulnerable Configuration utility. Affected BIG-IP versions include ...

8.8CVSS9.2AI score0.04468EPSS
In wild
CVE
CVE
added 2022/12/07 3:8 a.m.359 views

CVE-2022-41622

CVE-2022-41622 is a cross-site request forgery (CSRF) vulnerability in iControl SOAP affecting BIG-IP and BIG-IQ. An authenticated user with resource administrator privileges can trick the user into performing actions on the control plane. Affected versions include BIG-IP (17.x up to 17.0.0.2; 16...

8.8CVSS8.7AI score0.87987EPSS
In wildWeb
CVE
CVE
added 2019/09/20 7:52 p.m.347 views

CVE-2019-6649

CVE-2019-6649 affects F5 BIG-IP (and Enterprise Manager) configurations using non-default ConfigSync settings. Affected versions include BIG-IP 12.1.x, 11.5.x–11.6.x, 13.0.x–13.1.x, 14.0.x, 14.1.x, 15.0.0 and Enterprise Manager 3.1.1. The issue allows exposure of sensitive information and the abi...

9.1CVSS9AI score0.01295EPSS
CVE
CVE
added 2014/03/11 1:0 a.m.339 views

CVE-2014-0101

The CVE-2014-0101 issue affects the Linux kernel up to version 3.13.6, where the function sctp_sf_do_5_1D_ce in net/sctp/sm_statefuns.c does not validate certain auth_enable/auth_capable fields before sctp_sf_authenticate. This can enable a remote attacker to cause a denial of service by sending ...

7.8CVSS5.9AI score0.07045EPSS
CVE
CVE
added 2022/12/07 3:12 a.m.318 views

CVE-2022-41800

CVE-2022-41800: BIG-IP Appliance mode iControl REST vulnerability means that, in Appliance mode, an authenticated administrator can bypass restrictions via an undisclosed iControl REST endpoint, potentially crossing a security boundary and, in some exploit samples, enabling root-level access. Pub...

8.7CVSS8.4AI score0.62406EPSS
In wildWeb
CVE
CVE
added 2022/10/19 9:21 p.m.297 views

CVE-2022-41770

CVE-2022-41770 affects BIG-IP and BIG-IQ iControl REST. An authenticated iControl REST user can cause memory resource usage to spike via undisclosed requests, potentially enabling DoS. Affected: BIG-IP (all modules) 13.1.x; 14.1.x before 14.1.5.1; 15.1.x before 15.1.7; 16.1.x before 16.1.3.1; 17....

6.5CVSS6.7AI score0.00595EPSS
CVE
CVE
added 2019/10/03 3:27 p.m.296 views

CVE-2018-14468

tcpdump before 4.9.3 contains a buffer over-read in the FRF.16 parser (print-fr.c:mfr_print()). Upgrading to tcpdump 4.9.3 (or later) is the remediation mentioned in the accompanying advisories for affected platforms.

7.5CVSS8.6AI score0.03985EPSS
CVE
CVE
added 2019/10/03 3:35 p.m.281 views

CVE-2018-14880

tcpdump has a confirmed vulnerability CVE-2018-14880 in the OSPFv3 parser: a buffer over-read in ospf6_print_lshdr() inside print-ospf6.c, affecting tcpdump before version 4.9.3. Connected advisories (e.g., AlmaLinux ALSA-2020:4760, Debian DSA-4547-1, DLA-1955-1) reference this CVE and span multi...

7.5CVSS8.6AI score0.05342EPSS
CVE
CVE
added 2019/07/03 6:23 p.m.248 views

CVE-2019-6638

CVE-2019-6638 affects F5 BIG-IP iControl REST (restjavad) where malformed HTTP requests to an undisclosed iControl REST endpoint can cause an infinite loop, yielding a DoS for iControl REST operations. Affected versions are BIG-IP 14.0.0–14.0.0.4 and 14.1.0–14.1.0.5. Mitigation/remediation per ve...

6.5CVSS6.4AI score0.01989EPSS
CVE
CVE
added 2019/02/24 12:0 a.m.246 views

CVE-2019-9075

CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...

7.8CVSS7.7AI score0.01697EPSS
CVE
CVE
added 2019/07/02 9:3 p.m.207 views

CVE-2019-6623

CVE-2019-6623 affects F5 BIG-IP TMM when an iSession virtual server receives undisclosed traffic, causing TMM to restart and generate DoS across multiple BIG-IP train versions (12.1.x, 13.0–13.1.1.x, 14.0–14.1.x). Affected ranges: 12.1.0–12.1.4, 13.0.0–13.1.1.4, 14.0.0–14.0.4, 14.1.0–14.1.0.5. Re...

7.5CVSS7.4AI score0.02531EPSS
CVE
CVE
added 2019/07/02 8:19 p.m.205 views

CVE-2019-6621

CVE-2019-6621 affects BIG-IP and BIG-IQ: an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user, impacting both iControl REST and tmsh. Proof-of-concept or exploitation details are not provided; remediation per the linked advisory is to upgrade to v...

7.2CVSS7.2AI score0.01965EPSS
CVE
CVE
added 2019/05/23 11:56 a.m.200 views

CVE-2019-12295

CVE-2019-12295 affects the Wireshark dissection engine across multiple branches (Wireshark 3.0.x up to 3.0.1, 2.6.x up to 2.6.8, and 2.4.x up to 2.4.14). The vulnerability causes the dissector to crash due to excessive recursion when processing layered protocol structures. Root cause: unbounded r...

7.5CVSS7.2AI score0.03765EPSS
CVE
CVE
added 2019/07/03 6:6 p.m.195 views

CVE-2019-6632

CVE-2019-6632 affects BIG-IP vCMP: the vCMP configuration unit key is generated with insufficient randomness, enabling decryption of encrypted configuration/UCS files when an attacker has direct access to those files. Affected: BIG-IP versions 12.1.0–12.1.4, 13.0.0–13.1.1.4, 14.0.0–14.0.0.4/14.0....

5.5CVSS5.4AI score0.00371EPSS
CVE
CVE
added 2019/07/02 8:14 p.m.193 views

CVE-2019-6620

CVE-2019-6620 concerns an undisclosed iControl REST worker causing command injection on BIG-IP and BIG-IQ. Affected ranges include BIG-IP: 14.1.0–14.1.0.5, 14.0.0–14.0.0.5, 13.0.0–13.1.1.4, 12.1.0–12.1.4.1, 11.5.1–11.6.4; BIG-IQ: 6.0.0–6.1.0 and 5.1.0–5.4.0. The vulnerability allows execution of ...

7.2CVSS7.2AI score0.01844EPSS
CVE
CVE
added 2019/07/02 8:55 p.m.184 views

CVE-2019-6624

The CVE-2019-6624 issue affects F5 BIG-IP TMM when a UDP virtual server is configured with UDP Protocol Profile and Datagram LB enabled. A crafted, undisclosed UDP traffic pattern may trigger a DoS by causing TMM to restart. Affected versions include BIG-IP 12.1.0–12.1.4, 13.0.0–13.1.1.4 (13.1.x)...

7.5CVSS7.4AI score0.01321EPSS
CVE
CVE
added 2019/07/02 8:25 p.m.183 views

CVE-2019-6622

CVE-2019-6622 affects BIG-IP iControl REST: an undisclosed worker is vulnerable to command injection by an administrator on multi-bladed systems. Affected versions include BIG-IP 11.5.1–11.6.4, 12.1.0–12.1.4.1, 13.0.0–13.1.1.4, and 14.0.0–14.1.0.5 (plus 14.1.0). Impact is remote execution of arbi...

7.2CVSS7.2AI score0.01844EPSS
CVE
CVE
added 2022/01/25 7:11 p.m.183 views

CVE-2022-23027

CVE-2022-23027 affects BIG-IP when a FastL4 profile is paired with an HTTP, FIX, and/or hash persistence profile on the same virtual server. The root cause is an undisclosed request handling issue that can cause the virtual server to stop processing new client connections, leading to a DoS on the...

5.3CVSS5.5AI score0.00915EPSS
CVE
CVE
added 2019/07/03 6:33 p.m.181 views

CVE-2019-6641

CVE-2019-6641 affects F5 BIG-IP 12.1.0–12.1.4.1 where undisclosed requests cause the iControl REST restjavad process to crash, with exploitation limited to authenticated users (all roles); unauthenticated users cannot exploit. The vulnerability is documented across multiple sources (F5 advisory K...

6.5CVSS6.3AI score0.02045EPSS
CVE
CVE
added 2022/01/25 7:11 p.m.177 views

CVE-2022-23010

CVE-2022-23010 affects BIG-IP: when a FastL4 profile and an HTTP profile are on a virtual server, undisclosed requests can cause memory resource utilization to increase, potentially impacting performance. Affects 16.x (16.0.0–16.0.1), 15.x (15.1.0–15.1.4, fixed in 15.1.4.1), 14.x (14.1.0–14.1.4, ...

7.5CVSS7.6AI score0.00952EPSS
Total number of security vulnerabilities489