Latest CVE Feed
-
9.8
CRITICALCVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id para... Read more
Affected Products : phpcollab- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6166
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a v... Read more
Affected Products : big-ip_analytics big-ip_application_acceleration_manager big-ip_link_controller big-ip_ltm big-ip_afm big-ip_apm big-ip_asm big-ip_pem big-ip_dns f5_websafe +1 more products- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.... Read more
Affected Products : zen_mobile_app_native- Published: Mar. 02, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-6134
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +1 more products- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6129
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt ... Read more
Affected Products : big-ip_access_policy_manager- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6141
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traf... Read more
- Published: Oct. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6133
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.... Read more
- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6137
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +1 more products- Published: May. 09, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6147
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in bot... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6151
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a d... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_websafe +3 more products- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-6197
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.... Read more
Affected Products : radare2- Published: Feb. 24, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6277
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to deni... Read more
- Published: Sep. 22, 2017
- Modified: Apr. 20, 2025
-
7.2
HIGHCVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.... Read more
- Published: Mar. 30, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-6161
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +1 more products- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6159
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vuln... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUMCVE-2017-6163
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client ... Read more
- Published: Oct. 27, 2017
- Modified: Apr. 20, 2025
-
8.5
HIGHCVE-2017-6167
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.... Read more
- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.... Read more
Affected Products : ruby- Published: Apr. 03, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-6180
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).... Read more
- Published: Mar. 13, 2017
- Modified: Apr. 20, 2025
-
7.3
HIGHCVE-2017-6189
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer.... Read more
Affected Products : kindle_for_pc- Published: Mar. 15, 2017
- Modified: Apr. 20, 2025