Latest CVE Feed
-
6.1
MEDIUMCVE-2017-6216
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution... Read more
Affected Products : infusionsoft-php-sdk- Published: Jul. 03, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-6215
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.... Read more
- Published: Aug. 02, 2018
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.... Read more
- Published: Aug. 02, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2017-6201
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from ac... Read more
Affected Products : sandstorm- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-6200
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.... Read more
Affected Products : sandstorm- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-6199
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.... Read more
Affected Products : sandstorm- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2017-6198
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.... Read more
Affected Products : sandstorm- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2017-6193
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.... Read more
Affected Products : apng_disassembler- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2017-6192
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.... Read more
Affected Products : apng_disassembler- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2017-6169
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.... Read more
Affected Products : big-ip_policy_enforcement_manager- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-6158
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +3 more products- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
6.4
MEDIUMCVE-2017-6156
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +3 more products- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-6155
On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe big-ip_edge_gateway big-ip_webaccelerator +1 more products- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-6154
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.... Read more
Affected Products : big-ip_application_security_manager- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2017-6153
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip B... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +3 more products- Published: Jun. 01, 2018
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2017-6152
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.... Read more
Affected Products : big-iq_centralized_management- Published: Mar. 08, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2017-6150
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).... Read more
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-6148
Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attache... Read more
- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2017-6143
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11... Read more
- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
5.8
MEDIUMCVE-2017-6142
X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity... Read more
Affected Products : big-ip_advanced_firewall_manager- Published: Jan. 19, 2018
- Modified: Nov. 21, 2024