cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2016-3687,https://securityvulnerability.io/vulnerability/CVE-2016-3687,,"Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.",F5,Big-ip Access Policy Manager,5.3,MEDIUM,0.0015800000401213765,false,false,false,false,,false,false,2016-06-16T18:00:00.000Z,0
CVE-2015-8099,https://securityvulnerability.io/vulnerability/CVE-2015-8099,,"F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.",F5,Big-ip Access Policy Manager,5.9,MEDIUM,0.0063299997709691525,false,false,false,false,,false,false,2016-05-13T16:00:00.000Z,0
CVE-2015-8021,https://securityvulnerability.io/vulnerability/CVE-2015-8021,,"Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.",F5,"Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Protocol Security Module,Big-ip Local Traffic Manager,Big-ip Wan Optimization Manager,Big-ip Global Traffic Manager,Big-ip Advanced Firewall Manager,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Application Acceleration Manager,Big-ip Policy Enforcement Manager",4.3,MEDIUM,0.001180000021122396,false,false,false,false,,false,false,2016-04-12T14:00:00.000Z,0
CVE-2015-8240,https://securityvulnerability.io/vulnerability/CVE-2015-8240,,"The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.",F5,"Big-ip Analytics,Big-ip Link Controller,Big-ip Protocol Security Module,Big-ip Application Security Manager,Big-ip Advanced Firewall Manager,Big-ip Application Acceleration Manager,Big-ip Global Traffic Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Policy Enforcement Manager",7.5,HIGH,0.00203999993391335,false,false,false,false,,false,false,2016-04-11T14:00:00.000Z,0
CVE-2015-8098,https://securityvulnerability.io/vulnerability/CVE-2015-8098,,"F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an ""Out-of-bounds memory vulnerability.""",F5,Big-ip Access Policy Manager,9.8,CRITICAL,0.009960000403225422,false,false,false,false,,false,false,2016-01-12T19:00:00.000Z,0
CVE-2015-5058,https://securityvulnerability.io/vulnerability/CVE-2015-5058,,"Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.",F5,"Big-ip Link Controller,Big-ip Analytics,Big-iq Security,Big-ip Application Security Manager,Big-ip Global Traffic Manager,Big-ip Advanced Firewall Manager,Big-ip Application Acceleration Manager,Big-ip Access Policy Manager,Big-iq Device,Big-ip Local Traffic Manager,Big-iq Cloud,Big-iq Adc",,,0.002099999925121665,false,false,false,false,,false,false,2015-08-24T14:00:00.000Z,0
CVE-2014-2927,https://securityvulnerability.io/vulnerability/CVE-2014-2927,,"The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.",F5,"Big-ip Protocol Security Module,Arx,Big-ip Wan Optimization Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Global Traffic Manager,Firepass,Big-iq Security,Big-iq Cloud,Enterprise Manager,Big-ip Advanced Firewall Manager,Big-ip Policy Enforcement Manager,Big-ip Application Acceleration Manager,Big-iq Device",,,0.0760900005698204,false,false,false,false,,false,false,2014-10-15T14:00:00.000Z,0
CVE-2014-3959,https://securityvulnerability.io/vulnerability/CVE-2014-3959,,"Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.",F5,"Big-ip Protocol Security Module,Big-ip Advanced Firewall Manager,Big-ip Edge Gateway,Big-ip Local Traffic Manager,Big-ip Wan Optimization Manager,Big-ip Link Controller,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Global Traffic Manager,Big-ip Application Acceleration Manager,Big-ip Webaccelerator,Big-ip Access Policy Manager,Enterprise Manager,Big-ip Policy Enforcement Manager",,,0.0025599999353289604,false,false,false,false,,false,false,2014-06-03T14:00:00.000Z,0
CVE-2013-6024,https://securityvulnerability.io/vulnerability/CVE-2013-6024,,"The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.",F5,"Big-ip Access Policy Manager,Firepass,Big-ip Edge Gateway",,,0.000590000010561198,false,false,false,false,,false,false,2014-02-10T17:00:00.000Z,0
CVE-2013-5976,https://securityvulnerability.io/vulnerability/CVE-2013-5976,,Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie.,F5,Big-ip Access Policy Manager,,,0.002199999988079071,false,false,false,false,,false,false,2013-10-01T20:00:00.000Z,0
CVE-2013-5975,https://securityvulnerability.io/vulnerability/CVE-2013-5975,,The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.,F5,Big-ip Access Policy Manager,,,0.0030300000216811895,false,false,false,false,,false,false,2013-10-01T20:00:00.000Z,0
CVE-2013-0150,https://securityvulnerability.io/vulnerability/CVE-2013-0150,,"Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products ""when APM is provisioned,"" allows remote attackers to upload and execute arbitrary files via a ..  (dot dot) in the filename parameter.",F5,Big-ip Access Policy Manager,,,0.008150000125169754,false,false,false,false,,false,false,2013-08-09T20:56:00.000Z,0