CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2018-15321
https://notcve.org/view.php?id=CVE-2018-15321
31 Oct 2018 — When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place... • https://support.f5.com/csp/article/K01067037 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2018-15322
https://notcve.org/view.php?id=CVE-2018-15322
31 Oct 2018 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This actio... • https://support.f5.com/csp/article/K28003839 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2016-7475
https://notcve.org/view.php?id=CVE-2016-7475
08 Oct 2018 — Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. En algunas circunstancias en BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1 o 11.4.0-11.5.4 HF1, Traffic Management Microkernel (TMM) podría no limpiar correctamente las conexiones de red de miembros del grupo al emplear los perfiles del servidor virtual SPDY o HTTP/2. • https://support.f5.com/csp/article/K01587042 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5531
https://notcve.org/view.php?id=CVE-2018-5531
25 Jul 2018 — Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2). Mediante métodos sin revelar, en on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6, los atacantes de red adyacentes pueden provocar una denegación de servicio (DoS) para los sistemas invitado y host VCMP. El ataque debe origin... • https://support.f5.com/csp/article/K64721111 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 40EXPL: 0CVE-2018-5537
https://notcve.org/view.php?id=CVE-2018-5537
25 Jul 2018 — A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. Un atacante remoto podría ser capaz de interrumpir los servicios en F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6 si el servidor virtual TMM está configurado con un perfil HTML o Rewrite. ... • https://support.f5.com/csp/article/K94105051 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5542
https://notcve.org/view.php?id=CVE-2018-5542
25 Jul 2018 — F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. Los monitores de salud HTTPS F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6 o 11.2.1-11.6.3.2 no validan la identidad del servidor monitorizado. • https://support.f5.com/csp/article/K05112543 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5532
https://notcve.org/view.php?id=CVE-2018-5532
19 Jul 2018 — On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. En F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1 o 11.2.1-11.5.6, un nombre de dominio cacheado con la DNS Cache de TMM podría ser resuelto por la caché incluso después de que el servidor padre revoque el registro, siempre y cua... • http://www.securitytracker.com/id/1041345 •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5533
https://notcve.org/view.php?id=CVE-2018-5533
19 Jul 2018 — Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Bajo ciertas condiciones en F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1 o 11.5.0-11.5.6, TMM podría realizar un "core" al procesar tráfico SSL forward proxy. • http://www.securitytracker.com/id/1041342 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5534
https://notcve.org/view.php?id=CVE-2018-5534
19 Jul 2018 — Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Bajo ciertas condiciones en F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1 o 11.5.0-11.5.6, TMM podría realizar un "core" al procesar tráfico SSL forward proxy. • http://www.securitytracker.com/id/1041343 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 52EXPL: 0CVE-2018-5535
https://notcve.org/view.php?id=CVE-2018-5535
19 Jul 2018 — On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. En F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3 o 11.5.1-11.6.3, las respuestas HTTP específicamente manipuladas, al ser procesadas por un servidor virtual con un perfil QoE asociado que tiene el vídeo ha... • http://www.securitytracker.com/id/1041344 • CWE-20: Improper Input Validation •