CVSS: 9.0EPSS: 0%CPEs: 140EXPL: 0CVE-2016-5020
https://notcve.org/view.php?id=CVE-2016-5020
F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. F5 BIG-IP en versiones anteriores a 12.0.0 HF3 permite a usuarios remotos autenticados modificar la configuración de cuenta de usuarios con el rol Resource Administration y obtener privilegios a través de una secuencia de comandos de monitor Extended Application Verification (EAV) externa manipulada. • http://www.securityfocus.com/bid/91532 http://www.securitytracker.com/id/1036131 https://support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 73EXPL: 0CVE-2016-5021
https://notcve.org/view.php?id=CVE-2016-5021
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. El servicio iControl REST en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP GTM 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IQ Cloud and Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0 y BIG-IQ Cloud and Orchestration 1.0.0 permite a administradores remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1036172 https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 120EXPL: 0CVE-2015-8099
https://notcve.org/view.php?id=CVE-2015-8099
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment. F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 HF10; Enterprise Manager 3.0.0 hasta la versión 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; y BIG-IQ Cloud and Orchestration 1.0.0 en las plataformas 3900, 6900, 8900, 8950, 11000, 11050, PB100 y PB200, cuando las cookies del sofware SYN están configuradas en servidores virtuales, permite a atacantes remotos provocar una denegación de servicio (cuelgue de High-Speed Bridge) a través de un segmento TCP no válido. • http://www.securitytracker.com/id/1035873 http://www.securitytracker.com/id/1035874 https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 106EXPL: 0CVE-2016-2084
https://notcve.org/view.php?id=CVE-2016-2084
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration. F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Lenk Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256, 11.6.0 en versiones anteriores a build 6.204.442 y 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP DNS 12.0.0 en versiones anteriores a build 1.14.628; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 build 685-HF10, 11.5.1 en versiones anteriores a build 10.104.180, 11.5.2 en versiones anteriores a 11.5.4 build 0.1.256 y 11.6.0 en versiones anteriores a build 6.204.442; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 build 685-HF10; BIG-IQ Cloud, Device y Security 4.2.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0 no regenera correctamente certificados y claves cuando despliega imágenes en la nube en Amazon Web Services (AWS), Azure o entornos de servicios en al nube de Verizon, lo que permite a atacantes obtener información sensible o provocar una denegación de servicio (interrupción) aprovechando una configuración de instancia de objetivo. • http://www.securitytracker.com/id/1035520 https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •