556 matches found
CVE-2017-6132
CVE-2017-6132 affects F5 BIG-IP LTM and multiple modules (AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) across versions 11.5.0–11.5.4, 11.6.0–11.6.1, 12.0.0–12.1.2, and 13.0.0. The issue stems from an undisclosed sequence of packets sent to HA mirror listeners that may c...
CVE-2017-6133
In F5 BIG-IP, the CVE-2017-6133 vulnerability affects BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe with versions 13.0.0 and 12.1.0–12.1.2. The issue arises from an undisclosed HTTP request handling flaw in the Traffic Management Microkernel (TMM), leading to de...
Code injection
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel TMM may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4...
Code injection
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe software versions 12.0.0 to 12.1.2 and 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TC...
CVE-2017-0303
Summary: CVE-2017-0303 affects multiple BIG-IP products (e.g., BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) with affected versions including 13.0.0 and 12.0.0–12.1.2, 11.5.1–11.6.1. The issue arises when connections handled by a Virtual Server with an assoc...
CVE-2017-6157
CVE-2017-6157 affects BIG-IP virtual servers configured with HTTP Explicit Proxy functionality and/or SOCKS profile across multiple BIG-IP modules. The issue allows an unauthenticated, remote attacker to modify system configuration, exfiltrate sensitive files, and potentially execute commands on ...
CVE-2017-6157
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software versions 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, and 11.5.0 to 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...
Code injection
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe...
Authorization
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that...
CVE-2017-10402
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Report. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10404
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: iQuery. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2017-10405
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Report. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10402
The CVE-2017-10402 vulnerability affects Oracle Hospitality Reporting and Analytics (subcomponent: Report) within Oracle Hospitality Applications, specifically versions 8.5.1 and 9.0.0. The issue allows an unauthenticated attacker with network access via HTTP to compromise the Reporting and Analy...
CVE-2017-10403
CVE-2017-10403 affects the Oracle Hospitality Reporting and Analytics product (subcomponent iQuery). The vulnerable versions are 8.5.1 and 9.0.0. The issue is exploitable by a low-privilege attacker who can reach the service over HTTP; attacks require user interaction from a person other than the...
CVE-2017-10404
Affected software: Oracle Hospitality Reporting and Analytics, subcomponent iQuery. Affects versions 8.5.1 and 9.0.0. Root cause: unpatched vulnerability in iQuery allows a low-privilege attacker with HTTP network access to compromise Oracle Hospitality Reporting and Analytics, potentially taking...
CVE-2017-10405
CVE-2017-10405 affects Oracle Hospitality Reporting and Analytics (subcomponent: Report) in Oracle Hospitality Applications. Affected versions: 8.5.1 and 9.0.0. An unauthenticated attacker with network access via HTTP can compromise the component, potentially gaining unauthorized access to data a...
CVE-2017-10403
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: iQuery. Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2017-10402
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Report. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
About the security content of Apple Support 1.2 for iOS - Apple Support
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Design/Logic Flaw
IBM BigFix Compliance Analytics 1.9.79 TEMA SUAv1 SCA SCM stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676...