F5 » Big-ip Access Policy Manager : Security Vulnerabilities, CVEs, (Memory corruption)
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-02-01
Updated
2023-02-09
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-02-12
Updated
2021-02-18
In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
Max CVSS
8.8
EPSS Score
0.23%
Published
2020-05-12
Updated
2020-05-14
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
Max CVSS
7.8
EPSS Score
0.12%
Published
2019-02-24
Updated
2021-12-10
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Max CVSS
8.1
EPSS Score
3.58%
Published
2019-02-15
Updated
2023-05-16
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
Max CVSS
7.8
EPSS Score
1.78%
Published
2015-05-29
Updated
2019-03-27
CVE-2014-0196
Known exploited
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Max CVSS
6.9
EPSS Score
1.91%
Published
2014-05-07
Updated
2024-02-09
CISA KEV Added
2023-05-12
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Max CVSS
7.8
EPSS Score
91.79%
Published
2014-03-11
Updated
2023-02-13
8 vulnerabilities found