CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-15310
https://notcve.org/view.php?id=CVE-2018-15310
13 Sep 2018 — A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. Una vulnerabilidad en el acceso al portal de BIG-IP APM 11.5.1-11.5.7, 11.6.0-11.6.3 y 12.1.0-12.1.3 revela la versión de software de BIG-IP en las páginas reescritas. • https://support.f5.com/csp/article/K40625021 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-5549
https://notcve.org/view.php?id=CVE-2018-5549
13 Sep 2018 — On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements. En BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0 y 13.1.0-13.1.0.3, APMD podría entrar en "core" al procesar una aserción SAML o una respuesta que contiene ciertos elementos. • http://www.securityfocus.com/bid/105345 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-5546
https://notcve.org/view.php?id=CVE-2018-5546
17 Aug 2018 — The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. Los componentes svpn y policyserver del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7.1 para Linu... • http://www.securitytracker.com/id/1041510 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 13%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2018-5544
https://notcve.org/view.php?id=CVE-2018-5544
31 Jul 2018 — When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters. Cuando F5 BIG-IP APM 13.0.0-13.1.1 o 12.1.0-12.1.3 renderiza ciertas páginas (páginas con un agente logon o una caja de confirmación), BIG-IP APM podría divulgar información de configuración como los nombres de partición y de agente mediante parámetros del URI. • http://www.securityfocus.com/bid/104932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-5530
https://notcve.org/view.php?id=CVE-2018-5530
25 Jul 2018 — F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". Los servidores virtuales F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5 o 11.6.0-11.6.3.1 con perfiles HTTP/2 habilitados son vulnerables a "HPACK Bomb". • http://www.securityfocus.com/bid/104908 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5531
https://notcve.org/view.php?id=CVE-2018-5531
25 Jul 2018 — Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2). Mediante métodos sin revelar, en on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6, los atacantes de red adyacentes pueden provocar una denegación de servicio (DoS) para los sistemas invitado y host VCMP. El ataque debe origin... • https://support.f5.com/csp/article/K64721111 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-5536
https://notcve.org/view.php?id=CVE-2018-5536
25 Jul 2018 — A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module. Mediante métodos sin revelar, un atacante remoto podría ser capaz de explotar un servidor virtual F5 BIG-IP APM 13.0.0-13.1.0.7 o 12.1.0-12.1.3.5 con un objeto de política per-request APM y provocar una fuga de memoria en el módulo APM. • http://www.securityfocus.com/bid/104922 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 40EXPL: 0CVE-2018-5537
https://notcve.org/view.php?id=CVE-2018-5537
25 Jul 2018 — A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. Un atacante remoto podría ser capaz de interrumpir los servicios en F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6 si el servidor virtual TMM está configurado con un perfil HTML o Rewrite. ... • https://support.f5.com/csp/article/K94105051 • CWE-20: Improper Input Validation •