F5

Big-ip Local Traffic Manager

461 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2019-6594

  • EPSS 0.65%
  • Published 26.02.2019 15:29:00
  • Last modified 21.11.2024 04:46:46

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

7.8

CVE-2019-9075

Exploit
  • EPSS 0.22%
  • Published 24.02.2019 00:29:00
  • Last modified 21.11.2024 04:50:56

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

6.1

CVE-2019-8331

  • EPSS 2.29%
  • Published 20.02.2019 16:29:00
  • Last modified 21.11.2024 04:49:42

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

8.1

CVE-2019-6974

Exploit
  • EPSS 7.22%
  • Published 15.02.2019 15:29:00
  • Last modified 21.11.2024 04:47:20

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

6.1

CVE-2019-6589

  • EPSS 0.29%
  • Published 14.02.2019 00:29:00
  • Last modified 21.11.2024 04:46:45

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP c...

7.1

CVE-2019-6590

  • EPSS 0.55%
  • Published 05.02.2019 19:29:00
  • Last modified 21.11.2024 04:46:45

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.

7.5

CVE-2018-17539

  • EPSS 1.15%
  • Published 28.12.2018 16:29:02
  • Last modified 21.11.2024 03:54:34

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) el...

5.5

CVE-2018-15333

  • EPSS 0.13%
  • Published 28.12.2018 15:29:00
  • Last modified 21.11.2024 03:50:35

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such...

7.2

CVE-2018-15329

  • EPSS 0.28%
  • Published 20.12.2018 20:29:00
  • Last modified 21.11.2024 03:50:34

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, r...

7.8

CVE-2018-15330

  • EPSS 0.61%
  • Published 20.12.2018 20:29:00
  • Last modified 21.11.2024 03:50:34

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkerne...