CVSS: 10.0EPSS: 13%CPEs: 7EXPL: 0CVE-2015-8098
https://notcve.org/view.php?id=CVE-2015-8098
12 Jan 2016 — F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability." F5 BIG-IP APM 11.4.1 en versiones anteriores a 11.4.1 HF9, 11.5.x en versiones anteriores a 11.5.3 y 11.6.0 en versiones anteriores a 11.6.0 HF4 permi... • http://www.securitytracker.com/id/1034609 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 76%CPEs: 97EXPL: 4CVE-2015-3628 – F5 iControl - 'iCall::Script' Root Command Execution
https://notcve.org/view.php?id=CVE-2015-3628
19 Nov 2015 — The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with... • https://packetstorm.news/files/id/134434 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 126EXPL: 0CVE-2015-7394
https://notcve.org/view.php?id=CVE-2015-7394
06 Nov 2015 — The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of... • http://www.securitytracker.com/id/1034025 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2015-6546
https://notcve.org/view.php?id=CVE-2015-6546
06 Nov 2015 — The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic." El host vCMP en F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller y LTM 11.0.0 en versiones anteriores a 11.6.0, BIG-IP AAM 11.4.0 en versiones anteriores a ... • http://www.securitytracker.com/id/1033952 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 10%CPEs: 16EXPL: 2CVE-2015-4040 – F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-4040
17 Sep 2015 — Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Vulnerabilidad de salto de directorio en la utilidad de configuración en F5 BIG-IP en versiones anteriores a 12.0.0 y Enterprise Manager 3.0.0 hasta la versión 3.1.1, permite a usuarios remotos autenticados acceder a archivos arbitrarios en la raíz web a través de vectores no e... • https://packetstorm.news/files/id/133931 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 31EXPL: 0CVE-2015-5058
https://notcve.org/view.php?id=CVE-2015-5058
24 Aug 2015 — Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. Vulnerabilidad de fuga de memoria en el componente de servidor virtual en F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, ... • http://www.securitytracker.com/id/1033334 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 6%CPEs: 45EXPL: 4CVE-2015-4047 – Debian Security Advisory 3272-1
https://notcve.org/view.php?id=CVE-2015-4047
26 May 2015 — racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker c... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 43EXPL: 0CVE-2014-9326
https://notcve.org/view.php?id=CVE-2014-9326
12 May 2015 — The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. La funcionalidad de la actualización automática de fi... • http://www.securitytracker.com/id/1032305 •
CVSS: 5.9EPSS: 3%CPEs: 136EXPL: 0CVE-2014-8730 – HP Security Bulletin HPSBPV03516 2
https://notcve.org/view.php?id=CVE-2014-8730
10 Dec 2014 — The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC pad... • http://marc.info/?l=bugtraq&m=144372772101168&w=2 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 7%CPEs: 195EXPL: 3CVE-2014-2927 – F5 Big-IP - rsync Access
https://notcve.org/view.php?id=CVE-2014-2927
15 Oct 2014 — The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. El demonio rsync en F5 BIG-IP 11.6 anterior a 11.6.0, 11.5.1 anterior a HF3, 11.5.0 anterior a HF4, 11.4.1 anterior a ... • https://www.exploit-db.com/exploits/34465 • CWE-287: Improper Authentication •