26 matches found
F5 Networks BIG-IP : Linux kernel vulnerability (SOL16477)
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...
Varnish: Multiple vulnerabilities
Background Varnish is a web application accelerator. Description Multiple vulnerabilities have been discovered in Varnish. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause a Denial of Service condition via a specially crafted GET request...
F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)
The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to...
F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)
The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. C Tenable Network Security, Inc. The...
F5 Networks BIG-IP : XSS vulnerability viewing logs from the Console section of the web management interface (SOL8599)
The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL8599. The text description of this plugin is C F5 Networks...
Debian DSA-2814-1 : varnish - denial of service
A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace...