CVSS: 7.8EPSS: 91%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://rhn.redhat.com/errata/RHSA-2014-0328.html http://rhn.redhat.com/errata/RHSA-2014-0419.html http://rhn.redhat.com/errata/RHSA-2014-0432.html http://secunia.com/advisories/59216 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html http://www.openwall.com/lists/oss-security/2014/03/04/6 http://www.securityfocus.com/bid/65943 h • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 21EXPL: 0CVE-2013-6024
https://notcve.org/view.php?id=CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. Los componentes Edge Client en F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, y 14.x, BIG-IP Edge Gateway 10.x y 11.x y FirePass 7.0.0 permiten a atacantes obtener información sensible de la memoria de procesos a través de vectores no especificados. • http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html http://www.kb.cert.org/vuls/id/146430 http://www.securityfocus.com/bid/65422 https://support.f5.com/csp/article/K14969 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5976
https://notcve.org/view.php?id=CVE-2013-5976
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. Vulnerabilidad XSS en la política de accesos de la página de logout (logout.inc) en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.1.0 hasta v11.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de la cookie LastMRH_Session. • http://secunia.com/advisories/54941 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14712.html http://www.securityfocus.com/bid/62596 http://www.securitytracker.com/id/1029079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5975
https://notcve.org/view.php?id=CVE-2013-5975
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La política de acceso en la página de inicio de sesión (logon.inc) en F5 BIG-IP APM v11.1.0 hasta v11.2.1 permite a atacantes remotos llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://secunia.com/advisories/54844 http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html http://www.securitytracker.com/id/1029079 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2013-0150
https://notcve.org/view.php?id=CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en una firma no especificada de un Applet Java en un componente client-side en F5 BIG-IP APM v10.1.0 hasta v10.2.4 y v11.0.0 hasta v11.3.0, FirePass v6.0.0 hasta v6.1.0 y v7.0.0, y otros productos "cuando APM se aprovisiona," permite que atacantes remotos puedan subir y ejecutar fichero de su elección a través de .. (punto punto) en el parámetro nombre de fichero. • http://secunia.com/advisories/53477 http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html https://nealpoole.com/blog/2013/07/code-execution-via-f5-networks-java-applet • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •