CVE-2015-8240
published 2016-04-11CVE-2015-8240: The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_global_traffic_manager | — | — |
| f5 | big-ip_global_traffic_manager | — | — |
| f5 | big-ip_global_traffic_manager | — | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_local_traffic_manager | — | — |
| f5 | big-ip_local_traffic_manager | — | — |
| f5 | big-ip_local_traffic_manager | — | — |
| f5 | big-ip_policy_enforcement_manager | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-6908 openldap: ber_get_next denial of service vulnerability
bugzilla·2015-09-11·CVSS 5.0
CVE-2015-6908 [MEDIUM] CVE-2015-6908 openldap: ber_get_next denial of service vulnerability
CVE-2015-6908 openldap: ber_get_next denial of service vulnerability
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain BER data. A remote attacker could use this flaw to crash slapd via a specially crafted packet.
Upstream advisory (including a reproducer):
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Upstream patch:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
CVE assignment request:
http://seclists.org/oss-sec/2015/q3/535
Discussion:
Created openldap tracking bugs for this issue:
Affects: fedora-all [bug 1262396]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-20
Bugzilla
CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
bugzilla·2014-10-10·CVSS 7.5
CVE-2014-8240 [HIGH] CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
This issue was discovered by Tim Waugh of Red Hat. Tigervnc is affected by same thing as in CVE-2014-6051. Integer overflaw leading to a heap-based buffer overflow was found in the way screen sizes were handled. A Malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.
Discussion:
Created attachment 947578
tigervnc-1.3.1-CVE-2014-8240.patch (proposed 1.3.1 patch)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2015:2233 https://rhn.redhat.com/errata/RHSA-2015-2233.html
---
Statement:
This issue affects the version of tigervnc as shipped with Red Hat Enterpr
2016-04-11
Published