cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-15322,https://securityvulnerability.io/vulnerability/CVE-2018-15322,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2018-10-31T14:00:00.000Z,0
CVE-2018-15321,https://securityvulnerability.io/vulnerability/CVE-2018-15321,,"When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",4.9,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2018-10-31T14:00:00.000Z,0
CVE-2018-5540,https://securityvulnerability.io/vulnerability/CVE-2018-5540,,"On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.",F5,"Big-ip (dns, Gtm),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,F5 Iworkflow",4.4,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2018-07-19T14:29:00.000Z,0
CVE-2018-5516,https://securityvulnerability.io/vulnerability/CVE-2018-5516,,"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,Iworkflow",4.7,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2018-05-02T13:29:00.000Z,0
CVE-2017-6128,https://securityvulnerability.io/vulnerability/CVE-2017-6128,,"An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.",F5,"Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe,Enterprise Manager,Big-iq Cloud, Device, Security, Adc, Centralized Management, Cloud And Orchestration,Iworkflow",7.5,HIGH,0.002580000087618828,false,false,false,false,,false,false,2017-05-01T15:00:00.000Z,0
CVE-2015-5058,https://securityvulnerability.io/vulnerability/CVE-2015-5058,,"Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.",F5,"Big-ip Link Controller,Big-ip Analytics,Big-iq Security,Big-ip Application Security Manager,Big-ip Global Traffic Manager,Big-ip Advanced Firewall Manager,Big-ip Application Acceleration Manager,Big-ip Access Policy Manager,Big-iq Device,Big-ip Local Traffic Manager,Big-iq Cloud,Big-iq Adc",,,0.002099999925121665,false,false,false,false,,false,false,2015-08-24T14:00:00.000Z,0
CVE-2015-4637,https://securityvulnerability.io/vulnerability/CVE-2015-4637,,"The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.",F5,"Big-iq Security,Big-iq Device,Big-iq Cloud,Big-iq Adc",,,0.001990000018849969,false,false,false,false,,false,false,2015-07-16T14:00:00.000Z,0
CVE-2014-2927,https://securityvulnerability.io/vulnerability/CVE-2014-2927,,"The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.",F5,"Big-ip Protocol Security Module,Arx,Big-ip Wan Optimization Manager,Big-ip Local Traffic Manager,Big-ip Access Policy Manager,Big-ip Link Controller,Big-ip Webaccelerator,Big-ip Application Security Manager,Big-ip Analytics,Big-ip Edge Gateway,Big-ip Global Traffic Manager,Firepass,Big-iq Security,Big-iq Cloud,Enterprise Manager,Big-ip Advanced Firewall Manager,Big-ip Policy Enforcement Manager,Big-ip Application Acceleration Manager,Big-iq Device",,,0.0760900005698204,false,false,false,false,,false,false,2014-10-15T14:00:00.000Z,0