CVE-2017-17818

In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...

CVE-2017-17811

In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in pastetokens in asm/preproc.c, a similar issue to CVE-2017-11111...

CVE-2017-17818

In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...

F5 Networks BIG-IP : NTP vulnerability (K31310492)

Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. CVE-2017-6460 C Tenable Network Security, Inc. The descriptive text and package chec...

Netwide Assembler 'do_directive' function memory misreference vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A memory misreference vulnerability exists in the 'dodirective' function of the asm/preproc.c file in NASM version 2.14rc0. A remote attacker could exploit this vulnerability to cause a denial of servi...

Netwide Assembler 'pp_getline' Function Memory Misreference Vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A memory misreference vulnerability exists in the 'ppgetline' function in the asm/preproc.c file in NASM version 2.14rc0. A remote attacker could exploit this vulnerability to cause a denial of service...

UBUNTU-CVE-2017-17816

In Netwide Assembler NASM 2.14rc0, there is a use-after-free in ppgetline in asm/preproc.c that will cause a remote denial of service attack...

Code injection

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel TMM may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4...

Code injection

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams...

Code injection

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TC...

CVE-2017-6157

CVE-2017-6157 affects BIG-IP virtual servers configured with HTTP Explicit Proxy functionality and/or SOCKS profile across multiple BIG-IP modules. The issue allows an unauthenticated, remote attacker to modify system configuration, exfiltrate sensitive files, and potentially execute commands on ...

CVE-2017-6163

CVE-2017-6163 affects BIG-IP LTM and multiple modules (AAM, AFM, APM, ASM, Link Controller, PEM, PSM). When a virtual server uses HTTP/2 or SPDY with a Client SSL profile, and a client opens concurrent streams beyond the advertised limit, the TMM data plane can be disrupted, while the control pla...

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

CVE-2017-0303

Summary : CVE-2017-0303 affects multiple BIG-IP products (e.g., BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe) with affected versions including 13.0.0 and 12.0.0–12.1.2, 11.5.1–11.6.1. The issue arises when connections handled by a Virtual Server with an assoc...

Authorization

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that...

Linux/x86_64 - mkdir() evil Shellcode (30 bytes)

/ ;Title: Linux/x8664 - mkdir shellcode 30 bytes ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: Create Folder with 755 permission. ; You can Change folder by change code in ASM in fname Field ;Shellcode Length: 30...

USN-3422-1 linux vulnerabilities

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that the asynchronous I/O aio...

Bytecode Viewer - A Java 8 Jar & Android Apk Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java...

PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890

F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...