Filtered by vendor F5 Subscriptions
Filtered by product Traffix Signaling Delivery Controller Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-14879 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more 2024-11-21 7.0 High
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVE-2018-14469 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more 2024-11-21 7.5 High
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
CVE-2018-14468 7 Apple, Debian, F5 and 4 more 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more 2024-11-21 7.5 High
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVE-2018-14465 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more 2024-11-21 7.5 High
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-2018-14463 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more 2024-11-21 7.5 High
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
CVE-2018-14462 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more 2024-11-21 7.5 High
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2015-5738 2 F5, Marvell 5 Traffix Signaling Delivery Controller, Octeon Ii Cn6000, Octeon Ii Cn6010 and 2 more 2024-11-21 7.5 High
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2024-11-21 9.8 Critical
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2014-6271 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2024-11-21 9.8 Critical
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2002-20001 6 Balasys, F5, Hpe and 3 more 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more 2024-11-20 7.5 High
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.