big-ip domain name system vulnerabilities and exploits

4
CVSSv2
CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL...

7.5
CVSSv2
CVE-2002-0651

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers....

IscBind
5
CVSSv2
CVE-2002-0400

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka...

NA
CVE-2013-2574

FOSCAM IP-Cameras CVE-2013-2574 Unauthorized Access Vulnerabilities...

NA
CVE-2013-25743

Core Security Technologies Advisory - Due to improper access restrictions, the FOSCAM FI8620 device allows a remote attacker the ability to browse and access arbitrary files from the directories '/tmpfs/' and '/log/' without requiring authentication. This...

NA
CVE-2015-00053

Core Security Technologies Advisory - The Microsoft Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used, among other things, for user and machine authentication on domain-based networks. In a scenario where a client machine connects to a...

4.3
CVSSv2
CVE-2015-0005

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain...

4.3
CVSSv2
CVE-2019-9596

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint....

DarktraceEnterprise Immune System
4.3
CVSSv2
CVE-2019-9597

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint....

DarktraceEnterprise Immune System
NA
CVE-2019-95973

Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace...