F5 Big-Ip Application Acceleration Manager vulnerabilities

485 known vulnerabilities affecting f5/big-ip_application_acceleration_manager.

Total CVEs

485

CISA KEV

11

actively exploited

Public exploits

19

Exploited in wild

11

Severity breakdown

CRITICAL36HIGH274MEDIUM170LOW5

Vulnerabilities

Page 25 of 25

CVE-2014-6271CRITICALCVSS 9.8KEVPoC≥ 11.4.0, ≤ 11.5.1v11.6.02014-09-24

CVE-2014-6271 [CRITICAL] CWE-78 CVE-2014-6271: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts execute

CVE-2014-4027LOWCVSS 2.3≥ 11.4.0, ≤ 11.6.0v12.0.02014-06-23

CVE-2014-4027 [LOW] CWE-200 CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.1 The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVE-2014-3959MEDIUMCVSS 4.3v11.4.0v11.5.12014-06-03

CVE-2014-3959 [MEDIUM] CWE-79 CVE-2014-3959: Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remot

CVE-2014-0196MEDIUMCVSS 5.5KEVPoC≥ 11.4.0, ≤ 11.5.12014-05-07

CVE-2014-0196 [MEDIUM] CWE-362 CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

CVE-2014-0101HIGHCVSS 7.8≥ 11.4.0, ≤ 11.5.32014-03-11

CVE-2014-0101 [HIGH] CWE-476 CVE-2014-0101: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does n The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and

← Previous25 / 25