CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2014-3959
https://notcve.org/view.php?id=CVE-2014-3959
03 Jun 2014 — Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de XSS en list.jsp en la utilidad de configuración en F5 BIG-IP... • http://secunia.com/advisories/58969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 68%CPEs: 86EXPL: 4CVE-2014-2928 – F5 iControl - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-2928
07 May 2014 — The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands ... • https://packetstorm.news/files/id/128592 •
CVSS: 7.0EPSS: 1%CPEs: 49EXPL: 7CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
06 May 2014 — The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo... • https://packetstorm.news/files/id/126603 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 65%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
11 Mar 2014 — The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no v... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2013-6024
https://notcve.org/view.php?id=CVE-2013-6024
10 Feb 2014 — The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. Los componentes Edge Client en F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, y 14.x, BIG-IP Edge Gateway 10.x y 11.x y FirePass 7.0.0 permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. • http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 49EXPL: 0CVE-2012-3000
https://notcve.org/view.php?id=CVE-2012-3000
30 Jan 2014 — Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. Múltiples vulnerabilidades de inyección de SQL en sam/admin/reports/php/saveSettings.php en el APM WebGUI de F5 BIG-IP LTM, GTM,... • http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 86EXPL: 0CVE-2013-6016
https://notcve.org/view.php?id=CVE-2013-6016
26 Oct 2013 — The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM... • http://secunia.com/advisories/55378 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5975
https://notcve.org/view.php?id=CVE-2013-5975
01 Oct 2013 — The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La política de acceso en la página de inicio de sesión (logon.inc) en F5 BIG-IP APM v11.1.0 hasta v11.2.1 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/54844 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5976
https://notcve.org/view.php?id=CVE-2013-5976
01 Oct 2013 — Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. Vulnerabilidad XSS en la política de accesos de la página de logout (logout.inc) en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.1.0 hasta v11.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de la cookie LastMRH_Session. • http://secunia.com/advisories/54941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0150
https://notcve.org/view.php?id=CVE-2013-0150
09 Aug 2013 — Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.... • http://secunia.com/advisories/53477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •