All CVEs — 2017 (Page 2/103)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2017-12-27

Medium

CVE-2017-17909

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.

CVSS: 4.8 CWE: CWE-79

High

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.

CVSS: 9.8 CWE: CWE-89

High

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2017-17904

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-17903

FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.

CVSS: 8.8 CWE: CWE-352

Critical

CVE-2017-17900

SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2017-17899

SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.

CVSS: 9.8 CWE: CWE-89

High

CVE-2017-17898

Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.

CVSS: 7.5 CWE: CWE-200

Critical

CVE-2017-17897

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2017-17896

Readymade Job Site Script has XSS via the keyword parameter to the /job URI.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2017-17895

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.

CVSS: 9.8 CWE: CWE-89

High

CVE-2017-17894

Readymade Job Site Script has CSRF via the /job URI.

CVSS: 8.8 CWE: CWE-352

Medium

CVE-2017-17893

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2017-17892

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.

CVSS: 9.8 CWE: CWE-89

High

CVE-2017-17891

Readymade Video Sharing Script has CSRF via user-profile-edit.php.

CVSS: 8.8 CWE: CWE-352

High

CVE-2017-17888

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter…

CVSS: 8.8 CWE: CWE-78

Medium

CVE-2017-17887

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image fi…

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17886

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17885

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17884

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17883

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17882

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.

CVSS: 6.5 CWE: CWE-772

Medium

CVE-2017-17881

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.

CVSS: 6.5 CWE: CWE-772

High

CVE-2017-17880

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.

CVSS: 8.8 CWE: CWE-125

High

CVE-2017-17879

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

CVSS: 8.8 CWE: CWE-125

Critical

CVE-2017-17878

An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" settin…

CVSS: 9.8 CWE: CWE-327

Critical

CVE-2017-17875

The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.

CVSS: 9.8 CWE: CWE-89

High

CVE-2017-17874

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

CVSS: 8.8 CWE: CWE-434

Critical

CVE-2017-17873

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2017-17872

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2017-17871

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2017-17870

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2017-17869

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2017-17868

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.

CVSS: 6.1 CWE: CWE-79

High

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (b…

CVSS: 7.8 CWE: CWE-119

Low

CVE-2017-17864

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentia…

CVSS: 3.3 CWE: CWE-200

High

CVE-2017-17863

kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer…

CVSS: 7.8 CWE: CWE-190

Medium

CVE-2017-17862

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning…

CVSS: 5.5 CWE: CWE-20

Medium

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside X…

CVSS: 6.1 CWE: CWE-79

High

CVE-2017-17857

The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other im…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-17855

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveragi…

CVSS: 7.8 CWE: CWE-190

High

CVE-2017-17853

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-17852

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-17850

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must…

CVSS: 7.5 CWE: CWE-20

Critical

CVE-2017-17849

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.

CVSS: 9.8 CWE: CWE-119

High

CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a…

CVSS: 7.5 CWE: CWE-347

High

CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the enti…

CVSS: 7.5 CWE: CWE-347

High

CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

CVSS: 7.5 CWE: CWE-20

High

CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.

CVSS: 7.3 CWE: CWE-338

Medium

CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relyin…

CVSS: 6.5 CWE: CWE-319

High

CVE-2017-17840

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to la…

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2017-17832

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter,…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-17010

Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified dire…

CVSS: 7.8 CWE: CWE-426

High

CVE-2017-16996

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-16995

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by lev…

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2017-1698

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

CVSS: 5.3 CWE: CWE-200

High

CVE-2017-16897

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate the…

CVSS: 8.1 CWE: CWE-290

Medium

CVE-2017-1365

IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip…

CVSS: 5.4 CWE: CWE-79

2017-12-26

High

CVE-2017-12741

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

CVSS: 7.5 CWE: CWE-400

Medium

CVE-2017-12740

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to mani…

CVSS: 5.9 CWE: CWE-494

High

CVE-2017-12736

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of…

CVSS: 8.8 CWE: CWE-1188

2017-12-25

High

CVE-2017-13883

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privi…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13879

An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged c…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13878

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read res…

CVSS: 7.1 CWE: CWE-125

High

CVE-2017-13876

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13875

CVSS: 7.8 CWE: CWE-125

High

CVE-2017-13870

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2017-13869

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2017-13868

CVSS: 5.5 CWE: CWE-200

High

CVE-2017-13867

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13866

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2017-13865

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2017-13864

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man…

CVSS: 5.9 CWE: CWE-200

High

CVE-2017-13862

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13861

An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows a…

CVSS: 7.8 CWE: CWE-119

High

CVE-2017-13858

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context vi…

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-13856

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2017-13855

CVSS: 5.5 CWE: CWE-704

High

CVE-2017-13848

CVSS: 7.8 CWE: CWE-20

High

CVE-2017-13847

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary co…

CVSS: 7.8 CWE: CWE-119

2017-12-23

High

CVE-2017-14022

An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with Fact…

CVSS: 7.5 CWE: CWE-20

2017-12-22

High

CVE-2017-15328

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the priv…

CVSS: 7.5 CWE: CWE-200

High

CVE-2017-15324

Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnera…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2017-15322

Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vuln…

CVSS: 6.5 CWE: CWE-20

Low

CVE-2017-15321

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets tran…

CVSS: 3.7 CWE: CWE-200

High

CVE-2017-15320

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bou…

CVSS: 7.5 CWE: CWE-125

High

CVE-2017-15319

CVSS: 7.5 CWE: CWE-125

High

CVE-2017-15318

CVSS: 7.5 CWE: CWE-125

High

CVE-2017-15317

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R0…

CVSS: 7.5 CWE: CWE-125

High

CVE-2017-15316

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vu…

CVSS: 7.8 CWE: CWE-415

High

CVE-2017-15313

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device.

CVSS: 8.8 CWE: CWE-74

Medium

CVE-2017-15312

Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious script…

CVSS: 5.4 CWE: CWE-79

High

CVE-2017-15311

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2017-15310

Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD c…

CVSS: 6.5 CWE: CWE-20

High

CVE-2017-15309

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious f…

CVSS: 7.1 CWE: CWE-22

High

CVE-2017-15308

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load maliciou…

CVSS: 8.8 CWE: CWE-20

Medium

CVE-2017-16766

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi…

CVSS: 6.5 CWE: CWE-284

High

CVE-2017-10909

Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS: 7.8 CWE: CWE-426

High

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2017-10907

Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.

CVSS: 4.3 CWE: CWE-22

Medium

CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.

CVSS: 6.5 CWE: CWE-118

High

CVE-2017-10869

Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.

CVSS: 7.5 CWE: CWE-119

High

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.

CVSS: 7.5 CWE: CWE-20

2017-12-21

Medium

CVE-2017-14363

Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scrip…

CVSS: 5.9 CWE: CWE-79

High

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the…

CVSS: 7.5 CWE: CWE-200

High

CVE-2017-6167

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being execute…

CVSS: 7.5 CWE: CWE-362

High

CVE-2017-6164

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4…

CVSS: 8.1 CWE: CWE-20

High

CVE-2017-6140

On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 1…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2017-6139

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers r…

CVSS: 5.9 CWE: CWE-532

High

CVE-2017-6138

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profil…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2017-6136

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, w…

CVSS: 5.9 CWE: CWE-20

High

CVE-2017-6135

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP…

CVSS: 7.5 CWE: CWE-772

Medium

CVE-2017-6134

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced f…

CVSS: 6.5 CWE: CWE-20

High

CVE-2017-6133

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.

CVSS: 7.5 CWE: CWE-20

High

CVE-2017-6132

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of…

CVSS: 7.5 CWE: CWE-20

High

CVE-2017-6129

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow no…

CVSS: 7.5 CWE: CWE-20