Big Ip Application Acceleration Manager

big-ip_application_acceleration_manager

Vendor: F5 • 486 CVEs

CVEs (486)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6664 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Nov 15, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.
CVE-2019-6663 1F5 16Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+13 more Nov 21, 2024 Nov 15, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerabl...Show more The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.Show less
CVE-2019-6662 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Nov 15, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that...Show more On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.Show less
CVE-2019-6660 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Nov 15, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
CVE-2019-6659 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Nov 15, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.
CVE-2018-12207 8Canonical DebianF5+5 more 778Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+775 more Nov 21, 2024 Nov 14, 2019 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local acces...Show more Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.Show less
CVE-2019-6657 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Nov 1, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the...Show more On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.Show less
CVE-2019-6471 2F5 Isc 17Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+14 more Nov 21, 2024 Oct 9, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.1...Show more A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.Show less
CVE-2018-5743 2F5 Isc 17Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+14 more Nov 21, 2024 Oct 9, 2019 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most...Show more By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.Show less
CVE-2018-14880 7Apple DebianF5+4 more 23Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+20 more Nov 21, 2024 Oct 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVE-2018-14468 7Apple DebianF5+4 more 23Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+20 more Dec 3, 2025 Oct 3, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVE-2019-6655 1F5 6Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+3 more Nov 21, 2024 Sep 25, 2019 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.
CVE-2019-6654 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Sep 25, 2019 N/A· v4 4.3 MEDIUM· v3 3.3 LOW· v2 On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface)....Show more On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.Show less
CVE-2019-6651 1F5 16Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+13 more Nov 21, 2024 Sep 25, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login p...Show more In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.Show less
CVE-2019-6649 1F5 14Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more Nov 21, 2024 Sep 20, 2019 N/A· v4 9.1 CRITICAL· v3 5.8 MEDIUM· v2 F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to b...Show more F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.Show less
CVE-2019-6646 1F5 14Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+11 more Nov 21, 2024 Sep 4, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
CVE-2019-6643 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Sep 4, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile m...Show more On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.Show less
CVE-2019-6647 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Sep 4, 2019 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attack...Show more On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.Show less
CVE-2019-6644 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Sep 4, 2019 N/A· v4 9.4 CRITICAL· v3 6.8 MEDIUM· v2 Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose th...Show more Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.Show less
CVE-2019-6645 1F5 13Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+10 more Nov 21, 2024 Sep 4, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM cras...Show more On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.Show less

Previous 1...141516...25 Next