2021-11-11
|
CVE-2002-20001
|
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must...
|
Dheater, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_service_proxy, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe, Big\-Iq_centralized_management, F5os\-A, F5os\-C, Traffix_signaling_delivery_controller, Arubaos\-Cx, Scalance_w1750d_firmware, Stormshield_management_center, Stormshield_network_security, Linux_enterprise_server
|
7.5
|
|
|
2014-05-07
|
CVE-2014-0196
|
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_application_delivery_controller, Big\-Iq_centralized_management, Big\-Iq_cloud, Big\-Iq_cloud_and_orchestration, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Linux_kernel, Linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_eus, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server
|
N/A
|
|
|
2019-07-26
|
CVE-2019-10744
|
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
|
Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Iworkflow, Lodash, Active_iq_unified_manager, Service_level_manager, Banking_extensibility_workbench, Virtualization_manager
|
9.1
|
|
|
2019-06-19
|
CVE-2019-11479
|
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
|
Ubuntu_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Enterprise_manager, Iworkflow, Traffix_signaling_delivery_controller, Linux_kernel, Enterprise_linux, Virtualization_host
|
7.5
|
|
|
2019-02-27
|
CVE-2019-1559
|
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt...
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Traffix_signaling_delivery_controller, Fedora, Agent, Data_exchange_layer, Threat_intelligence_exchange_server, Web_gateway, A220_firmware, A320_firmware, A800_firmware, Active_iq_unified_manager, Altavault, C190_firmware, Cloud_backup, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Element_software, Fas2720_firmware, Fas2750_firmware, Hci_compute_node, Hci_management_node, Hyper_converged_infrastructure, Oncommand_insight, Oncommand_unified_manager, Oncommand_unified_manager_core_package, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Service_processor, Smi\-S_provider, Snapcenter, Snapdrive, Snapprotect, Solidfire, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Node\.js, Openssl, Leap, Api_gateway, Business_intelligence, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_session_border_controller, Communications_session_router, Communications_unified_session_manager, Endeca_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_global_desktop, Services_tools_bundle, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_web_server, Virtualization, Virtualization_host, Nessus
|
5.9
|
|
|
2019-07-01
|
CVE-2019-6642
|
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.
|
Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Enterprise_manager, Iworkflow
|
8.8
|
|
|
2019-07-02
|
CVE-2019-6621
|
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.
|
Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management
|
7.2
|
|
|
2019-09-25
|
CVE-2019-6651
|
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.
|
Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Enterprise_manager, Iworkflow
|
5.3
|
|
|
2019-09-25
|
CVE-2019-6652
|
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).
|
Big\-Iq_centralized_management
|
6.5
|
|
|
2019-09-25
|
CVE-2019-6653
|
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.
|
Big\-Iq_centralized_management
|
5.4
|
|
|