788 matches found
macOS - 'process_policy' Stack Leak Through Uninitialized Field
/ The syscall processpolicyscope=PROCPOLICYSCOPEPROCESS, action=PROCPOLICYACTIONGET, policy=PROCPOLICYRESOURCEUSAGE, policysubtype=PROCPOLICYRUSAGECPU, attrp=, targetpid=0, targetthreadid= causes 4 bytes of uninitialized kernel stack memory to be written to userspace. The call graph looks as...
CVE-2017-17818
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...
CVE-2017-17814
In Netwide Assembler NASM 2.14rc0, there is a use-after-free in dodirective in asm/preproc.c that will cause a remote denial of service attack...
CVE-2017-17812
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read in the function detoken in asm/preproc.c that will cause a remote denial of service attack...
CVE-2017-6136
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause...
Code injection
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners primary and/or secondary IP may...
Design/Logic Flaw
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause...
CVE-2017-6138
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of...
CVE-2017-6132
CVE-2017-6132 affects F5 BIG-IP LTM and multiple modules (AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) across versions 11.5.0–11.5.4, 11.6.0–11.6.1, 12.0.0–12.1.2, and 13.0.0. The issue stems from an undisclosed sequence of packets sent to HA mirror listeners that may c...
CVE-2017-6133
In F5 BIG-IP, the CVE-2017-6133 vulnerability affects BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe with versions 13.0.0 and 12.1.0–12.1.2. The issue arises from an undisclosed HTTP request handling flaw in the Traffic Management Microkernel (TMM), leading to de...
CVE-2017-6167
CVE-2017-6167 is a race-condition vulnerability in F5 BIG-IP iControl REST that can cause commands to execute with elevated privileges. Affected BIG-IP versions include 13.x (13.0.0), 12.x (12.1.0–12.1.2), 14.x (14.1.x), 15.x (15.0–15.1.1/2), and 16.x (16.0.0–16.0.1). Red Hat and F5 advisories co...
CVE-2017-6134
The vulnerability CVE-2017-6134 affects F5 BIG-IP BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe across 11.x, 12.x, and 13.x branches. An undisclosed sequence of packets from an adjacent network can cause the Traffic Management Microkernel (TMM) to crash, po...
CVE-2017-6135
CVE-2017-6135 affects F5 BIG-IP software (LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) version 13.0.0. The issue is a slow memory leak caused by undisclosed IPv4/IPv6 packets sent to the BIG-IP management port or self IP addresses, which can lead to out-of-memory (...
CVE-2017-6138
CVE-2017-6138 affects F5 BIG-IP software (LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) versions 13.0.0 and 12.1.0–12.1.2. Malicious requests to virtual servers with an HTTP profile can cause TMM restart; APM profiles are affected regardless of settings, and non-def...
CVE-2017-6151
CVE-2017-6151 affects F5 BIG-IP software (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) version 13.0.0 where virtual servers using the HTTP/2 profile may cause disruption of TMM. Root cause: undisclosed requests to HTTP/2-enabled virtua...
CVE-2017-17818
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...
CVE-2017-17811
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in pastetokens in asm/preproc.c, a similar issue to CVE-2017-11111...
CVE-2017-17814
In Netwide Assembler NASM 2.14rc0, there is a use-after-free in dodirective in asm/preproc.c that will cause a remote denial of service attack...
DEBIAN-CVE-2017-17811
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in pastetokens in asm/preproc.c, a similar issue to CVE-2017-11111...
Heap overflow
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...