Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for big-iq_cloud_and_orchestration by f5

    CVE-2014-5209 (GCVE-0-2014-5209)

    Vulnerability from nvd – Published: 2020-01-08 00:29 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    Impacted products
    Vendor Product Version
    NTP NTP Affected: 4.2.7p25
    Create a notification for this product.
    Date Public
    2014-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:47.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NTP",
              "vendor": "NTP",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.7p25"
                }
              ]
            }
          ],
          "datePublic": "2014-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-08T00:31:11.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44942017"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K44942017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-5209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NTP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2.7p25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K44942017",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44942017"
                },
                {
                  "name": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
                },
                {
                  "name": "https://support.f5.com/csp/article/K44942017",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K44942017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-5209",
        "datePublished": "2020-01-08T00:29:42.000Z",
        "dateReserved": "2014-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:47.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15322 (GCVE-0-2018-15322)

    Vulnerability from nvd – Published: 2018-10-31 14:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K28003839 x_refsource_CONFIRM
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:01.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K28003839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-31T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K28003839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2018-15322",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K28003839",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K28003839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15322",
        "datePublished": "2018-10-31T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:01.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15321 (GCVE-0-2018-15321)

    Vulnerability from nvd – Published: 2018-10-31 14:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K01067037 x_refsource_CONFIRM
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:01.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01067037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-31T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K01067037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2018-15321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K01067037",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K01067037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15321",
        "datePublished": "2018-10-31T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:01.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14634 (GCVE-0-2018-14634)

    Vulnerability from nvd – Published: 2018-09-25 21:00 – Updated: 2026-01-27 13:34
    VLAI CISA KEVIntel
    Summary
    An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:3540 vendor-advisoryx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2019020… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2018:2925 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3591 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/45516/ exploitx_refsource_EXPLOIT-DB
    https://usn.ubuntu.com/3775-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2933 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3779-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2748 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3590 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3775-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2763 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/105407 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:2924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3586 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2846 vendor-advisoryx_refsource_REDHAT
    https://www.openwall.com/lists/oss-security/2018/… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K20934447?utm_… x_refsource_CONFIRM
    https://security.paloaltonetworks.com/CVE-2018-14634 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2021/07/20/2 mailing-listx_refsource_MLIST
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    The Linux Foundation kernel Affected: 2.6.x, 3.10.x, 4.14.x
    Create a notification for this product.
    Date Public
    2018-09-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3540"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
              },
              {
                "name": "RHSA-2018:2925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2925"
              },
              {
                "name": "RHSA-2018:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3591"
              },
              {
                "name": "45516",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45516/"
              },
              {
                "name": "USN-3775-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3775-1/"
              },
              {
                "name": "RHSA-2018:2933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2933"
              },
              {
                "name": "USN-3779-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3779-1/"
              },
              {
                "name": "RHSA-2018:2748",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2748"
              },
              {
                "name": "RHSA-2018:3590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3590"
              },
              {
                "name": "USN-3775-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3775-2/"
              },
              {
                "name": "RHSA-2018:2763",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2763"
              },
              {
                "name": "105407",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105407"
              },
              {
                "name": "RHSA-2018:2924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2924"
              },
              {
                "name": "RHSA-2018:3586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3586"
              },
              {
                "name": "RHSA-2018:3643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3643"
              },
              {
                "name": "RHSA-2018:2846",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2846"
              },
              {
                "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2018-14634"
              },
              {
                "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-14634",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T04:55:37.112982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-26",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T13:34:52.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "The Linux Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.x, 3.10.x, 4.14.x"
                }
              ]
            }
          ],
          "datePublic": "2018-09-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow flaw was found in the Linux kernel\u0027s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T14:06:15.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:3540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
            },
            {
              "name": "RHSA-2018:2925",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2925"
            },
            {
              "name": "RHSA-2018:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3591"
            },
            {
              "name": "45516",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45516/"
            },
            {
              "name": "USN-3775-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3775-1/"
            },
            {
              "name": "RHSA-2018:2933",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "USN-3779-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3779-1/"
            },
            {
              "name": "RHSA-2018:2748",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2748"
            },
            {
              "name": "RHSA-2018:3590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "USN-3775-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3775-2/"
            },
            {
              "name": "RHSA-2018:2763",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2763"
            },
            {
              "name": "105407",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105407"
            },
            {
              "name": "RHSA-2018:2924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "RHSA-2018:3586",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "RHSA-2018:3643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3643"
            },
            {
              "name": "RHSA-2018:2846",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2846"
            },
            {
              "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2018-14634"
            },
            {
              "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14634",
        "datePublished": "2018-09-25T21:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2026-01-27T13:34:52.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-5540 (GCVE-0-2018-5540)

    Vulnerability from nvd – Published: 2018-07-19 14:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1041340 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K82038789 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104920 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041341 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K82038789"
              },
              {
                "name": "104920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104920"
              },
              {
                "name": "1041341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (DNS, GTM)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.6"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.1.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "F5 iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1041340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K82038789"
            },
            {
              "name": "104920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104920"
            },
            {
              "name": "1041341",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-5540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (DNS, GTM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.0.1"
                              },
                              {
                                "version_value": "12.1.0-12.1.3.3"
                              },
                              {
                                "version_value": "11.6.0-11.6.3.1"
                              },
                              {
                                "version_value": "11.5.1-11.5.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "F5 iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041340",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041340"
                },
                {
                  "name": "https://support.f5.com/csp/article/K82038789",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K82038789"
                },
                {
                  "name": "104920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104920"
                },
                {
                  "name": "1041341",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5540",
        "datePublished": "2018-07-19T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:23.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5516 (GCVE-0-2018-5516)

    Vulnerability from nvd – Published: 2018-05-02 13:00 – Updated: 2024-09-17 02:41
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K37442533 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040800 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1040799 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37442533"
              },
              {
                "name": "1040800",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040800"
              },
              {
                "name": "1040799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040799"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1-11.6.3.1"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37442533"
            },
            {
              "name": "1040800",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040800"
            },
            {
              "name": "1040799",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040799"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-04-30T00:00:00",
              "ID": "CVE-2018-5516",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.1.0.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.2"
                              },
                              {
                                "version_value": "11.2.1-11.6.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "4.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K37442533",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37442533"
                },
                {
                  "name": "1040800",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040800"
                },
                {
                  "name": "1040799",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040799"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5516",
        "datePublished": "2018-05-02T13:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:51.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6128 (GCVE-0-2017-6128)

    Vulnerability from nvd – Published: 2017-05-01 15:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
    Severity
    No CVSS data available.
    CWE
    • sshd is vulnerable to DoS
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1038363 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K92140924 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038362 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. Enterprise Manager Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. iWorkflow Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    Date Public
    2017-04-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K92140924"
              },
              {
                "name": "1038362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            }
          ],
          "datePublic": "2017-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "sshd is vulnerable to DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1038363",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K92140924"
            },
            {
              "name": "1038362",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-6128",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "sshd is vulnerable to DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038363",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038363"
                },
                {
                  "name": "https://support.f5.com/csp/article/K92140924",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K92140924"
                },
                {
                  "name": "1038362",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6128",
        "datePublished": "2017-05-01T15:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5022 (GCVE-0-2016-5022)

    Vulnerability from nvd – Published: 2016-09-07 19:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036710 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036709 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036710"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
              },
              {
                "name": "1036709",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036709"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-09-07T18:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036710",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036710"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
            },
            {
              "name": "1036709",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036709"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036710",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036710"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
                },
                {
                  "name": "1036709",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036709"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5022",
        "datePublished": "2016-09-07T19:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5021 (GCVE-0-2016-5021)

    Vulnerability from nvd – Published: 2016-06-24 17:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036172 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
              },
              {
                "name": "1036172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-07-22T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
            },
            {
              "name": "1036172",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036172"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
                },
                {
                  "name": "1036172",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036172"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5021",
        "datePublished": "2016-06-24T17:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8099 (GCVE-0-2015-8099)

    Vulnerability from nvd – Published: 2016-05-13 16:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1035873 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1035874 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:31.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035873"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
              },
              {
                "name": "1035874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035874"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-13T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1035873",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035873"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
            },
            {
              "name": "1035874",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035874"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8099",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1035873",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035873"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
                },
                {
                  "name": "1035874",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035874"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8099",
        "datePublished": "2016-05-13T16:00:00.000Z",
        "dateReserved": "2015-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:31.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7393 (GCVE-0-2015-7393)

    Vulnerability from nvd – Published: 2016-01-12 20:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://securitytracker.com/id/1034632 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1034633 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
              },
              {
                "name": "1034632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1034632"
              },
              {
                "name": "1034633",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034633"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-12T19:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
            },
            {
              "name": "1034632",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1034632"
            },
            {
              "name": "1034633",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034633"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
                },
                {
                  "name": "1034632",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1034632"
                },
                {
                  "name": "1034633",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034633"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7393",
        "datePublished": "2016-01-12T20:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4047 (GCVE-0-2015-4047)

    Vulnerability from nvd – Published: 2015-05-29 15:00 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-3272",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3272"
              },
              {
                "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/May/83"
              },
              {
                "name": "FEDORA-2015-8968",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
              },
              {
                "name": "20150519 0-day Denial of Service in IPsec-Tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/May/81"
              },
              {
                "name": "FEDORA-2015-8948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
              },
              {
                "name": "1032397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032397"
              },
              {
                "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
              },
              {
                "name": "74739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74739"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
              },
              {
                "name": "USN-2623-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2623-1"
              },
              {
                "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K05013313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T14:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-3272",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3272"
            },
            {
              "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/May/83"
            },
            {
              "name": "FEDORA-2015-8968",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
            },
            {
              "name": "20150519 0-day Denial of Service in IPsec-Tools",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/May/81"
            },
            {
              "name": "FEDORA-2015-8948",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
            },
            {
              "name": "1032397",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032397"
            },
            {
              "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
            },
            {
              "name": "74739",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74739"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
            },
            {
              "name": "USN-2623-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2623-1"
            },
            {
              "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K05013313"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-3272",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3272"
                },
                {
                  "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/May/83"
                },
                {
                  "name": "FEDORA-2015-8968",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
                },
                {
                  "name": "20150519 0-day Denial of Service in IPsec-Tools",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/May/81"
                },
                {
                  "name": "FEDORA-2015-8948",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
                },
                {
                  "name": "https://www.altsci.com/ipsec/ipsec-tools-sa.html",
                  "refsource": "MISC",
                  "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
                },
                {
                  "name": "1032397",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032397"
                },
                {
                  "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
                },
                {
                  "name": "74739",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74739"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
                },
                {
                  "name": "USN-2623-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2623-1"
                },
                {
                  "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
                },
                {
                  "name": "https://support.f5.com/csp/article/K05013313",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K05013313"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4047",
        "datePublished": "2015-05-29T15:00:00.000Z",
        "dateReserved": "2015-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0196 (GCVE-0-2014-0196)

    Vulnerability from nvd – Published: 2014-05-07 10:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2203-1 vendor-advisoryx_refsource_UBUNTU
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://www.osvdb.org/106646 vdb-entryx_refsource_OSVDB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2014/05/05/6 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2204-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/59218 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2202-1 vendor-advisoryx_refsource_UBUNTU
    http://www.exploit-db.com/exploits/33516 exploitx_refsource_EXPLOIT-DB
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2199-1 vendor-advisoryx_refsource_UBUNTU
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1094232 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2197-1 vendor-advisoryx_refsource_UBUNTU
    http://source.android.com/security/bulletin/2016-… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0512.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    https://github.com/torvalds/linux/commit/4291086b… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://pastebin.com/raw.php?i=yTSFUBgZ x_refsource_MISC
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://bugzilla.novell.com/show_bug.cgi?id=875690 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2198-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2200-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2201-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2196-1 vendor-advisoryx_refsource_UBUNTU
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2014-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2203-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2203-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html"
              },
              {
                "name": "106646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/106646"
              },
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/05/6"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "name": "USN-2204-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2204-1"
              },
              {
                "name": "59218",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59218"
              },
              {
                "name": "USN-2202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2202-1"
              },
              {
                "name": "33516",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33516"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "name": "USN-2199-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2199-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094232"
              },
              {
                "name": "USN-2197-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2197-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://source.android.com/security/bulletin/2016-07-01.html"
              },
              {
                "name": "RHSA-2014:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0512.html"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pastebin.com/raw.php?i=yTSFUBgZ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.novell.com/show_bug.cgi?id=875690"
              },
              {
                "name": "USN-2198-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2198-1"
              },
              {
                "name": "USN-2200-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2200-1"
              },
              {
                "name": "USN-2201-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2201-1"
              },
              {
                "name": "USN-2196-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2196-1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0196",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:36:55.768079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-05-12",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-05-12T00:00:00.000Z",
                "value": "CVE-2014-0196 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO \u0026 !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-05T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2203-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2203-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html"
            },
            {
              "name": "106646",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/106646"
            },
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/05/6"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "name": "USN-2204-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2204-1"
            },
            {
              "name": "59218",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59218"
            },
            {
              "name": "USN-2202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2202-1"
            },
            {
              "name": "33516",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33516"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "name": "USN-2199-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2199-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094232"
            },
            {
              "name": "USN-2197-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2197-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://source.android.com/security/bulletin/2016-07-01.html"
            },
            {
              "name": "RHSA-2014:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0512.html"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pastebin.com/raw.php?i=yTSFUBgZ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.novell.com/show_bug.cgi?id=875690"
            },
            {
              "name": "USN-2198-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2198-1"
            },
            {
              "name": "USN-2200-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2200-1"
            },
            {
              "name": "USN-2201-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2201-1"
            },
            {
              "name": "USN-2196-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2196-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0196",
        "datePublished": "2014-05-07T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5209 (GCVE-0-2014-5209)

    Vulnerability from cvelistv5 – Published: 2020-01-08 00:29 – Updated: 2024-08-06 11:41
    VLAI
    Summary
    An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • information disclosure
    Assigner
    Impacted products
    Vendor Product Version
    NTP NTP Affected: 4.2.7p25
    Create a notification for this product.
    Date Public
    2014-08-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:41:47.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K44942017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NTP",
              "vendor": "NTP",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2.7p25"
                }
              ]
            }
          ],
          "datePublic": "2014-08-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-08T00:31:11.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44942017"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K44942017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-5209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NTP",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2.7p25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K44942017",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44942017"
                },
                {
                  "name": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
                },
                {
                  "name": "https://support.f5.com/csp/article/K44942017",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K44942017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-5209",
        "datePublished": "2020-01-08T00:29:42.000Z",
        "dateReserved": "2014-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:41:47.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15322 (GCVE-0-2018-15322)

    Vulnerability from cvelistv5 – Published: 2018-10-31 14:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.
    Severity
    No CVSS data available.
    CWE
    • DoS
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K28003839 x_refsource_CONFIRM
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:01.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K28003839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-31T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K28003839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2018-15322",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K28003839",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K28003839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15322",
        "datePublished": "2018-10-31T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:01.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15321 (GCVE-0-2018-15321)

    Vulnerability from cvelistv5 – Published: 2018-10-31 14:00 – Updated: 2024-08-05 09:54
    VLAI
    Summary
    When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K01067037 x_refsource_CONFIRM
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:54:01.880Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01067037"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-31T13:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K01067037"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2018-15321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K01067037",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K01067037"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-15321",
        "datePublished": "2018-10-31T14:00:00.000Z",
        "dateReserved": "2018-08-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:54:01.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14634 (GCVE-0-2018-14634)

    Vulnerability from cvelistv5 – Published: 2018-09-25 21:00 – Updated: 2026-01-27 13:34
    VLAI CISA KEVIntel
    Summary
    An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:3540 vendor-advisoryx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2019020… x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2018:2925 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3591 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/45516/ exploitx_refsource_EXPLOIT-DB
    https://usn.ubuntu.com/3775-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2933 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3779-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2748 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3590 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3775-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2763 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/105407 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:2924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3586 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2846 vendor-advisoryx_refsource_REDHAT
    https://www.openwall.com/lists/oss-security/2018/… mailing-listx_refsource_MLIST
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://support.f5.com/csp/article/K20934447?utm_… x_refsource_CONFIRM
    https://security.paloaltonetworks.com/CVE-2018-14634 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2021/07/20/2 mailing-listx_refsource_MLIST
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    The Linux Foundation kernel Affected: 2.6.x, 3.10.x, 4.14.x
    Create a notification for this product.
    Date Public
    2018-09-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.057Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3540"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
              },
              {
                "name": "RHSA-2018:2925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2925"
              },
              {
                "name": "RHSA-2018:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3591"
              },
              {
                "name": "45516",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45516/"
              },
              {
                "name": "USN-3775-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3775-1/"
              },
              {
                "name": "RHSA-2018:2933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2933"
              },
              {
                "name": "USN-3779-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3779-1/"
              },
              {
                "name": "RHSA-2018:2748",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2748"
              },
              {
                "name": "RHSA-2018:3590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3590"
              },
              {
                "name": "USN-3775-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3775-2/"
              },
              {
                "name": "RHSA-2018:2763",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2763"
              },
              {
                "name": "105407",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105407"
              },
              {
                "name": "RHSA-2018:2924",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2924"
              },
              {
                "name": "RHSA-2018:3586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3586"
              },
              {
                "name": "RHSA-2018:3643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3643"
              },
              {
                "name": "RHSA-2018:2846",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2846"
              },
              {
                "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2018-14634"
              },
              {
                "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-14634",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T04:55:37.112982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-26",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T13:34:52.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "The Linux Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.x, 3.10.x, 4.14.x"
                }
              ]
            }
          ],
          "datePublic": "2018-09-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow flaw was found in the Linux kernel\u0027s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-20T14:06:15.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:3540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
            },
            {
              "name": "RHSA-2018:2925",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2925"
            },
            {
              "name": "RHSA-2018:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3591"
            },
            {
              "name": "45516",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45516/"
            },
            {
              "name": "USN-3775-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3775-1/"
            },
            {
              "name": "RHSA-2018:2933",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "USN-3779-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3779-1/"
            },
            {
              "name": "RHSA-2018:2748",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2748"
            },
            {
              "name": "RHSA-2018:3590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "USN-3775-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3775-2/"
            },
            {
              "name": "RHSA-2018:2763",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2763"
            },
            {
              "name": "105407",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105407"
            },
            {
              "name": "RHSA-2018:2924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "RHSA-2018:3586",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "RHSA-2018:3643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3643"
            },
            {
              "name": "RHSA-2018:2846",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2846"
            },
            {
              "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2018-14634"
            },
            {
              "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14634",
        "datePublished": "2018-09-25T21:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2026-01-27T13:34:52.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-5540 (GCVE-0-2018-5540)

    Vulnerability from cvelistv5 – Published: 2018-07-19 14:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1041340 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K82038789 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104920 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041341 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.601Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041340"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K82038789"
              },
              {
                "name": "104920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104920"
              },
              {
                "name": "1041341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (DNS, GTM)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.6.0-11.6.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.5.1-11.5.6"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.1.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "F5 iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1041340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041340"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K82038789"
            },
            {
              "name": "104920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104920"
            },
            {
              "name": "1041341",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-5540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (DNS, GTM)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.0.1"
                              },
                              {
                                "version_value": "12.1.0-12.1.3.3"
                              },
                              {
                                "version_value": "11.6.0-11.6.3.1"
                              },
                              {
                                "version_value": "11.5.1-11.5.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "F5 iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041340",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041340"
                },
                {
                  "name": "https://support.f5.com/csp/article/K82038789",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K82038789"
                },
                {
                  "name": "104920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104920"
                },
                {
                  "name": "1041341",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5540",
        "datePublished": "2018-07-19T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:23.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5516 (GCVE-0-2018-5516)

    Vulnerability from cvelistv5 – Published: 2018-05-02 13:00 – Updated: 2024-09-17 02:41
    VLAI
    Summary
    On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K37442533 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040800 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1040799 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K37442533"
              },
              {
                "name": "1040800",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040800"
              },
              {
                "name": "1040799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040799"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "13.0.0-13.1.0.5"
                },
                {
                  "status": "affected",
                  "version": "12.1.0-12.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1-11.6.3.1"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            },
            {
              "product": "BIG-IQ Centralized Management",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0.0-5.4.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2-2.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K37442533"
            },
            {
              "name": "1040800",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040800"
            },
            {
              "name": "1040799",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040799"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2018-04-30T00:00:00",
              "ID": "CVE-2018-5516",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "13.0.0-13.1.0.5"
                              },
                              {
                                "version_value": "12.1.0-12.1.2"
                              },
                              {
                                "version_value": "11.2.1-11.6.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Centralized Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0.0-5.4.0"
                              },
                              {
                                "version_value": "4.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2-2.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K37442533",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K37442533"
                },
                {
                  "name": "1040800",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040800"
                },
                {
                  "name": "1040799",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040799"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2018-5516",
        "datePublished": "2018-05-02T13:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:51.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6128 (GCVE-0-2017-6128)

    Vulnerability from cvelistv5 – Published: 2017-05-01 15:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
    Severity
    No CVSS data available.
    CWE
    • sshd is vulnerable to DoS
    Assigner
    f5
    References
    URL Tags
    http://www.securitytracker.com/id/1038363 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/csp/article/K92140924 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038362 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    F5 Networks, Inc. BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. Enterprise Manager Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    F5 Networks, Inc. iWorkflow Affected: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table
    Create a notification for this product.
    Date Public
    2017-04-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038363",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K92140924"
              },
              {
                "name": "1038362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "Enterprise Manager",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            },
            {
              "product": "iWorkflow",
              "vendor": "F5 Networks, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                }
              ]
            }
          ],
          "datePublic": "2017-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "sshd is vulnerable to DoS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "name": "1038363",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K92140924"
            },
            {
              "name": "1038362",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2017-6128",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Enterprise Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iWorkflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5 Networks, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "sshd is vulnerable to DoS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038363",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038363"
                },
                {
                  "name": "https://support.f5.com/csp/article/K92140924",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K92140924"
                },
                {
                  "name": "1038362",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2017-6128",
        "datePublished": "2017-05-01T15:00:00.000Z",
        "dateReserved": "2017-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5022 (GCVE-0-2016-5022)

    Vulnerability from cvelistv5 – Published: 2016-09-07 19:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036710 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036709 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036710",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036710"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
              },
              {
                "name": "1036709",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036709"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-09-07T18:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036710",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036710"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
            },
            {
              "name": "1036709",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036709"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036710",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036710"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html"
                },
                {
                  "name": "1036709",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036709"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5022",
        "datePublished": "2016-09-07T19:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5021 (GCVE-0-2016-5021)

    Vulnerability from cvelistv5 – Published: 2016-06-24 17:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036172 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:40.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
              },
              {
                "name": "1036172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-07-22T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
            },
            {
              "name": "1036172",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036172"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/"
                },
                {
                  "name": "1036172",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036172"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5021",
        "datePublished": "2016-06-24T17:00:00.000Z",
        "dateReserved": "2016-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:40.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8099 (GCVE-0-2015-8099)

    Vulnerability from cvelistv5 – Published: 2016-05-13 16:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1035873 vdb-entryx_refsource_SECTRACK
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1035874 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:31.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035873"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
              },
              {
                "name": "1035874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035874"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-13T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1035873",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035873"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
            },
            {
              "name": "1035874",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035874"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8099",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1035873",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035873"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html"
                },
                {
                  "name": "1035874",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035874"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8099",
        "datePublished": "2016-05-13T16:00:00.000Z",
        "dateReserved": "2015-11-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:31.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7393 (GCVE-0-2015-7393)

    Vulnerability from cvelistv5 – Published: 2016-01-12 20:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://securitytracker.com/id/1034632 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1034633 vdb-entryx_refsource_SECTRACK
    Date Public
    2016-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
              },
              {
                "name": "1034632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1034632"
              },
              {
                "name": "1034633",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034633"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-12T19:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
            },
            {
              "name": "1034632",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1034632"
            },
            {
              "name": "1034633",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034633"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7393",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html"
                },
                {
                  "name": "1034632",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1034632"
                },
                {
                  "name": "1034633",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034633"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7393",
        "datePublished": "2016-01-12T20:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.284Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-4047 (GCVE-0-2015-4047)

    Vulnerability from cvelistv5 – Published: 2015-05-29 15:00 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-3272",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3272"
              },
              {
                "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/May/83"
              },
              {
                "name": "FEDORA-2015-8968",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
              },
              {
                "name": "20150519 0-day Denial of Service in IPsec-Tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/May/81"
              },
              {
                "name": "FEDORA-2015-8948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
              },
              {
                "name": "1032397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032397"
              },
              {
                "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
              },
              {
                "name": "74739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74739"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
              },
              {
                "name": "USN-2623-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2623-1"
              },
              {
                "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K05013313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T14:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-3272",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3272"
            },
            {
              "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/May/83"
            },
            {
              "name": "FEDORA-2015-8968",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
            },
            {
              "name": "20150519 0-day Denial of Service in IPsec-Tools",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/May/81"
            },
            {
              "name": "FEDORA-2015-8948",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
            },
            {
              "name": "1032397",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032397"
            },
            {
              "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
            },
            {
              "name": "74739",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74739"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
            },
            {
              "name": "USN-2623-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2623-1"
            },
            {
              "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K05013313"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-4047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-3272",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3272"
                },
                {
                  "name": "20150520 Re: 0-day Denial of Service in IPsec-Tools",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/May/83"
                },
                {
                  "name": "FEDORA-2015-8968",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html"
                },
                {
                  "name": "20150519 0-day Denial of Service in IPsec-Tools",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/May/81"
                },
                {
                  "name": "FEDORA-2015-8948",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html"
                },
                {
                  "name": "https://www.altsci.com/ipsec/ipsec-tools-sa.html",
                  "refsource": "MISC",
                  "url": "https://www.altsci.com/ipsec/ipsec-tools-sa.html"
                },
                {
                  "name": "1032397",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032397"
                },
                {
                  "name": "[oss-security] 20150519 CVE Request: ipsec-tools",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/05/20/1"
                },
                {
                  "name": "74739",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74739"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html"
                },
                {
                  "name": "USN-2623-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2623-1"
                },
                {
                  "name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
                },
                {
                  "name": "https://support.f5.com/csp/article/K05013313",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K05013313"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-4047",
        "datePublished": "2015-05-29T15:00:00.000Z",
        "dateReserved": "2015-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0196 (GCVE-0-2014-0196)

    Vulnerability from cvelistv5 – Published: 2014-05-07 10:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2203-1 vendor-advisoryx_refsource_UBUNTU
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://www.osvdb.org/106646 vdb-entryx_refsource_OSVDB
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2014/05/05/6 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2204-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/59218 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2202-1 vendor-advisoryx_refsource_UBUNTU
    http://www.exploit-db.com/exploits/33516 exploitx_refsource_EXPLOIT-DB
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    http://www.ubuntu.com/usn/USN-2199-1 vendor-advisoryx_refsource_UBUNTU
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1094232 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2197-1 vendor-advisoryx_refsource_UBUNTU
    http://source.android.com/security/bulletin/2016-… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0512.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    https://github.com/torvalds/linux/commit/4291086b… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://pastebin.com/raw.php?i=yTSFUBgZ x_refsource_MISC
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://bugzilla.novell.com/show_bug.cgi?id=875690 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2198-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2200-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2201-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2196-1 vendor-advisoryx_refsource_UBUNTU
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2014-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2203-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2203-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html"
              },
              {
                "name": "106646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/106646"
              },
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/05/6"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "name": "USN-2204-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2204-1"
              },
              {
                "name": "59218",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59218"
              },
              {
                "name": "USN-2202-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2202-1"
              },
              {
                "name": "33516",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33516"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "name": "USN-2199-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2199-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094232"
              },
              {
                "name": "USN-2197-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2197-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://source.android.com/security/bulletin/2016-07-01.html"
              },
              {
                "name": "RHSA-2014:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0512.html"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pastebin.com/raw.php?i=yTSFUBgZ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugzilla.novell.com/show_bug.cgi?id=875690"
              },
              {
                "name": "USN-2198-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2198-1"
              },
              {
                "name": "USN-2200-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2200-1"
              },
              {
                "name": "USN-2201-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2201-1"
              },
              {
                "name": "USN-2196-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2196-1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-0196",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:36:55.768079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-05-12",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-05-12T00:00:00.000Z",
                "value": "CVE-2014-0196 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO \u0026 !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-05T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2203-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2203-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html"
            },
            {
              "name": "106646",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/106646"
            },
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/05/6"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "name": "USN-2204-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2204-1"
            },
            {
              "name": "59218",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59218"
            },
            {
              "name": "USN-2202-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2202-1"
            },
            {
              "name": "33516",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33516"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "name": "USN-2199-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2199-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094232"
            },
            {
              "name": "USN-2197-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2197-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://source.android.com/security/bulletin/2016-07-01.html"
            },
            {
              "name": "RHSA-2014:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0512.html"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pastebin.com/raw.php?i=yTSFUBgZ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugzilla.novell.com/show_bug.cgi?id=875690"
            },
            {
              "name": "USN-2198-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2198-1"
            },
            {
              "name": "USN-2200-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2200-1"
            },
            {
              "name": "USN-2201-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2201-1"
            },
            {
              "name": "USN-2196-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2196-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0196",
        "datePublished": "2014-05-07T10:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }