| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
|
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.
|
| An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. |
| In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In telocom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed |
| In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
| In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
