F5 Networks BIG-IP : TMM vulnerability (K82851041)

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disrupti...

CVE-2017-5949

Removed by vendor...

Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

asm-smt.com XSS vulnerability

Vulnerable URL: http://www.asm-smt.com/en/SMT-Solutions-Home/News-Center/Press/Press-Releases/page30411.aspx?newsid=3003"--!"=30411=0===KNOXSS Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)

Title: x86 SELinux change between permissive and enforcing modes shellcode Date: 20-02-2017 Author: Krzysztof Przybylski Platform: Linx86 Tested on: CentOS 6.8 i686 Shellcode Size: 45 bytes ID: SLAE - 871 / 1. Description: SELinux mode switcher. Permissive = "\x30"; Enforcing = "\x31" gcc...

CVE-2016-9644

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

CVE-2016-9644

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

UBUNTU-CVE-2016-9644

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

www2.asminternational.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-194932 Description| Value ---|--- Affected Website:| www2.asminternational.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

F5 Networks BIG-IP : libgd vulnerability (K71581599)

The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks...

F5 Networks BIG-IP : BIG-IP ASM vulnerability (SOL17119920)

When ASM is provisioned and configured, BIG-IP ASM 12.1.0 and 12.1.1 systems may allow remote attackers to cause a denial of service DoS via a crafted HTTP request. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP...

SOL17119920 - BIG-IP ASM vulnerability CVE-2016-7472

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

CVE-2016-5022

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-I...

CVE-2015-8022

CVE-2015-8022 affects multiple F5 BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller; AAM, AFM, PEM; Edge Gateway, WebAccelerator, WOM, PSM) across 11.x releases. The root cause is in the Configuration utility: an Access Policy Manager customization configuration section that allows ...

F5 Networks BIG-IP : glibc vulnerability (SOL09408132)

Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than...

CVE-2015-8099

CVE-2015-8099 affects F5 BIG-IP products (multiple modules) where software SYN cookies are configured on virtual servers. Under limited conditions, an invalid TCP segment can cause a DoS (High-Speed Bridge hang) in the data plane via virtual servers. The vulnerability impacts various BIG-IP relea...

Default configuration

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....

CVE-2016-2084

CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...

CVE-2015-8021

The CVE-2015-8021 entry maps to an actual vulnerability in the BIG-IP Configuration utility where file uploads via uploadImage.php are not properly validated. Affected BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller, PSM, and related modules) running vulnerable 11.x releases are e...