CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2015-5058
https://notcve.org/view.php?id=CVE-2015-5058
Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. Vulnerabilidad de fuga de memoria en el componente de servidor virtual en F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller y PEM 11.5.x en versiones anteriores a 11.5.1 HF10, 11.5.3 en versiones anteriores a HF1 y 11.6.0 en versiones anteriores a HF5, BIG-IQ Cloud, Device y Security 4.4.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0, permite a atacantes remotos causar una denegación de servicio (consumo de la memoria) a través de un gran número de paquetes ICMP manipulados. • http://www.securitytracker.com/id/1033334 https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4637
https://notcve.org/view.php?id=CVE-2015-4637
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. La API REST en F5 BIG-IQ Cloud, Device, and Security 4.4.0 y 4.5.0 anterior a HF2 y ADC 4.5.0 anterior a HF2, cuando se configura para la autenticación remota LDAP y el servidor LDAP permite operaciones anónimas de bind, permite a atacantes remotos obtener un token de autenticación para usuarios arbitrarios mediante la adivinación de un nombre de cuenta de usuario de LDAP. • https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html • CWE-17: DEPRECATED: Code CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 1%CPEs: 45EXPL: 4CVE-2015-4047
https://notcve.org/view.php?id=CVE-2015-4047
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •
CVSS: 2.3EPSS: 0%CPEs: 35EXPL: 0CVE-2014-4027 – Kernel: target/rd: imformation leakage
https://notcve.org/view.php?id=CVE-2014-4027
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 1%CPEs: 49EXPL: 6CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas. Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. • https://www.exploit-db.com/exploits/33516 https://github.com/tempbottle/CVE-2014-0196 https://github.com/SunRain/CVE-2014-0196 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •