CVE-2016-2084
https://notcve.org/view.php?id=CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Lenk Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP DNS 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256 y 11.6.0 en versiones anteriores a build 6.204.442; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 build 685-HF10; BIG-IQ Cloud, Device y Security 4.2.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0 no regenera correctamente certificados y claves cuando despliega imágenes en la nube en Amazon Web Services (AWS), Azure o entornos de servicios en al nube de Verizon, lo que permite a atacantes obtener información sensible o provocar una denegación de servicio (interrupción) aprovechando una configuración de instancia de objetivo. • http://www.securitytracker.com/id/1035520 https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7393
https://notcve.org/view.php?id=CVE-2015-7393
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors. dcoep en BIG-IP LTM, Analytics, APM, ASM y Link Controller 11.2.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP AAM 11.4.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP AFM y PEM 11.3.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP DNS 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator y WOM 11.2.0 hasta la versión 11.3.0, BIG-IP GTM 11.2.0 hasta la versión 11.6.0, BIG-IP PSM 11.2.0 hasta la versión 11.4.1, Enterprise Manager 3.0.0 hasta la versión 3.1.1, BIG-IQ Cloud 4.0.0 hasta la versión 4.5.0, BIG-IQ Device 4.2.0 hasta la versión 4.5.0, BIG-IQ Security 4.0.0 hasta la versión 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0 y BIG-IQ Cloud y Orchestration 1.0.0 permite a usuarios locales con acceso shell (bash) avanzado obtener privilegios a través de vectores no especificados. • http://securitytracker.com/id/1034632 http://www.securitytracker.com/id/1034633 https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html •
CVE-2015-4047
https://notcve.org/view.php?id=CVE-2015-4047
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •
CVE-2014-4027 – Kernel: target/rd: imformation leakage
https://notcve.org/view.php?id=CVE-2014-4027
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •