Latest CVE Feed
- 6.8 MEDIUM CVE-2017-6169
  In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.
  Affected Products: big-ip_policy_enforcement_manager
  - Published: Feb. 06, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2017-6158
  In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.
  Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, +3 more products
  - Published: Apr. 13, 2018
  - Modified: Nov. 21, 2024
- 6.4 MEDIUM CVE-2017-6156
  When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The ...
  Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, +3 more products
  - Published: Apr. 13, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2017-6155
  On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There ...
  Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_websafe, big-ip_edge_gateway, big-ip_webaccelerator, +1 more products
  - Published: Apr. 13, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2017-6154
  On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.
  Affected Products: big-ip_application_security_manager
  - Published: Mar. 01, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2017-6153
  Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip B...
  Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, +3 more products
  - Published: Jun. 01, 2018
  - Modified: Nov. 21, 2024
- 6.7 MEDIUM CVE-2017-6152
  A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.
  Affected Products: big-iq_centralized_management
  - Published: Mar. 08, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2017-6150
  Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
  - Published: Mar. 01, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2017-6148
  Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attache...
  - Published: Apr. 13, 2018
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2017-6143
  X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11...
  - Published: Apr. 13, 2018
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2017-6142
  X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity...
  Affected Products: big-ip_advanced_firewall_manager
  - Published: Jan. 19, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2017-6049
  In Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.
  Affected Products: detcon_sitewatch_gateway
  - Published: Apr. 02, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-6047
  In Detcon Sitewatch Gateway, all versions without cellular, passwords are presented in plaintext in a file that is accessible without authentication.
  Affected Products: detcon_sitewatch_gateway
  - Published: Apr. 02, 2019
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2017-6021
  In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially ...
  - Published: May. 14, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2017-6020
  Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
  Affected Products: laquis_scada
  - Published: Apr. 17, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2017-6015
  Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileg...
  Affected Products: factorytalk_activation
  - Published: May. 11, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2017-5984
  In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
  Affected Products: libav
  - Published: May. 22, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-5971
  SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands.
  Affected Products: newsbee
  - Published: Jan. 08, 2018
  - Modified: Nov. 21, 2024
- 6.8 MEDIUM CVE-2017-5947
  An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn cou...
  - Published: Mar. 29, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2017-5934
  Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  - Published: Oct. 15, 2018
  - Modified: Nov. 21, 2024