CVSS: 9.8EPSS: 0%CPEs: 111EXPL: 0CVE-2017-6165
https://notcve.org/view.php?id=CVE-2017-6165
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe 11.5.1 HF6 hasta la versión 11.5.4 HF4, 11.6.0 hasta la versión 11.6.1 HF1 y 12.0.0 hasta la versión 12.1.2 solo en plataformas VIPRION, el script que sincroniza elementos de configuración SafeNet External Network HSM entre hojas en una implementación agrupada registrará la contraseña de partición HSM en texto en claro en el archivo de registro "/var/log/ltm". • http://www.securityfocus.com/bid/101543 http://www.securitytracker.com/id/1039638 https://support.f5.com/csp/article/K74759095 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6147
https://notcve.org/view.php?id=CVE-2017-6147
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe 12.1.2-HF1 y 13.0.0, una serie de peticiones no reveladas puede provocar el reinicio del TMM y la interrupción del servicio, cuando la configuración "SSL Forward Proxy" está habilitada en los perfiles SSL del servidor y del cliente asignados a un BIG-IP Virtual Server. • http://www.securityfocus.com/bid/100981 https://support.f5.com/csp/article/K43945001 •
CVSS: 7.8EPSS: 1%CPEs: 45EXPL: 4CVE-2015-4047
https://notcve.org/view.php?id=CVE-2015-4047
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •