CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0CVE-2015-8021
https://notcve.org/view.php?id=CVE-2015-8021
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php. Vulnerabilidad de lista negra incompleta en la utilidad Configuration en F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller y PSM 11.x en versiones anteriores a 11.2.1 HF11, 11.3.x, 11.4.0 en versiones anteriores a HF8 y 11.4.1 en versiones anteriores a HF6; BIG-IP AAM 11.4.0 en versiones anteriores a HF8 y 11.4.1 en versiones anteriores a HF6; BIG-IP AFM y PEM 11.3.x, 11.4.0 en versiones anteriores a HF8 y 11.4.1 en versiones anteriores a HF6 y BIG-IP Edge Gateway, WebAccelerator y WOM 11.x en versiones anteriores a 11.2.1 HF11 y 11.3.0 permite a usuarios remotos autenticados cargar archivos a través de uploadImage.php. • http://www.securityfocus.com/bid/82340 http://www.securitytracker.com/id/1034781 https://support.f5.com/kb/en-us/solutions/public/k/49/sol49580002.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2015-8240
https://notcve.org/view.php?id=CVE-2015-8240
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable. El Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller y BIG-IP PEM en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.0 HF6 y BIG-IP PSM en versiones anteriores a 11.4.1 HF10 no maneja correctamente opciones TCP, lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados, relacionado con la variable de base de datos tm.minpathmtu. • http://www.securitytracker.com/id/1035367 https://support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html • CWE-19: Data Processing Errors •
CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 193EXPL: 0CVE-2015-5516
https://notcve.org/view.php?id=CVE-2015-5516
Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets. Fuga de memoria en el modulo kernel last hop en F5 BIG-IP LTM, GTM y Link Controller 10.1.x, 10.2.x en versiones anteriores a 10.2.4 HF13, 11.x en versiones anteriores a 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.3 HF2 y 11.6.x en versiones anteriores a HF6, BIG-IP AAM 11.4.x, 11.5.x en versiones anteriores a 11.5.3 HF2 y 11.6.0 en versiones anteriores a HF6, BIG-IP AFM y PEM 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.3 HF2 y 11.6.0 en versiones anteriores a HF6, BIG-IP Analytics 11.x en versiones anteriores a 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.3 HF2 y 11.6.0 en versiones anteriores a HF6, BIG-IP APM and ASM 10.1.0 hasta la versión 10.2.4, 11.x en versiones anteriores a 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.3 HF2 y 11.6.0 en versiones anteriores a HF6, BIG-IP Edge Gateway, WebAccelerator y WOM 10.1.x, 10.2.x en versiones anteriores a 10.2.4 HF13, 11.x en versiones anteriores a 11.2.1 HF15 y 11.3.0, BIG-IP PSM 10.1.x, 10.2.x en versiones anteriores a 10.2.4 HF13, 11.x en versiones anteriores a 11.2.1 HF15, 11.3.x y 11.4.x en versiones anteriores a 11.4.1 HF, Enterprise Manager 3.0.0 hasta la versión 3.1.1, BIG-IQ Cloud and Security 4.0.0 hasta la versión 4.5.0, BIG-IQ Device 4.2.0 hasta la versión 4.5.0 y BIG-IQ ADC 4.5.0 podría permitir a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un gran número de paquetes UDP manipulados. • http://www.securitytracker.com/id/1034686 http://www.securitytracker.com/id/1034687 https://support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-7759
https://notcve.org/view.php?id=CVE-2015-7759
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller y PEM 12.0.0 en versiones anteriores a HF1, cuando el perfil TCP para un servidor virtual se configura con Congestion Metrics Cache habilitado, permiten a atacantes remotos causar una denegación de servicio (reinicio del Traffic Management Microkernel (TMM)) a través de paquetes ICMP manipulados, relacionada con el descubrimiento de Path MTU (PMTU). • http://www.securitytracker.com/id/1034627 https://support.f5.com/kb/en-us/solutions/public/k/22/sol22843911.html • CWE-20: Improper Input Validation •