CVSS: 8.1EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5542
https://notcve.org/view.php?id=CVE-2018-5542
25 Jul 2018 — F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. Los monitores de salud HTTPS F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6 o 11.2.1-11.6.3.2 no validan la identidad del servidor monitorizado. • https://support.f5.com/csp/article/K05112543 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5531
https://notcve.org/view.php?id=CVE-2018-5531
25 Jul 2018 — Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2). Mediante métodos sin revelar, en on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1 o 11.2.1-11.5.6, los atacantes de red adyacentes pueden provocar una denegación de servicio (DoS) para los sistemas invitado y host VCMP. El ataque debe origin... • https://support.f5.com/csp/article/K64721111 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-5530
https://notcve.org/view.php?id=CVE-2018-5530
25 Jul 2018 — F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". Los servidores virtuales F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5 o 11.6.0-11.6.3.1 con perfiles HTTP/2 habilitados son vulnerables a "HPACK Bomb". • http://www.securityfocus.com/bid/104908 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5532
https://notcve.org/view.php?id=CVE-2018-5532
19 Jul 2018 — On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. En F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1 o 11.2.1-11.5.6, un nombre de dominio cacheado con la DNS Cache de TMM podría ser resuelto por la caché incluso después de que el servidor padre revoque el registro, siempre y cua... • http://www.securitytracker.com/id/1041345 •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5533
https://notcve.org/view.php?id=CVE-2018-5533
19 Jul 2018 — Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Bajo ciertas condiciones en F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1 o 11.5.0-11.5.6, TMM podría realizar un "core" al procesar tráfico SSL forward proxy. • http://www.securitytracker.com/id/1041342 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5534
https://notcve.org/view.php?id=CVE-2018-5534
19 Jul 2018 — Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Bajo ciertas condiciones en F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1 o 11.5.0-11.5.6, TMM podría realizar un "core" al procesar tráfico SSL forward proxy. • http://www.securitytracker.com/id/1041343 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5535
https://notcve.org/view.php?id=CVE-2018-5535
19 Jul 2018 — On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. En F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3 o 11.5.1-11.6.3, las respuestas HTTP específicamente manipuladas, al ser procesadas por un servidor virtual con un perfil QoE asociado que tiene el vídeo ha... • http://www.securitytracker.com/id/1041344 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5527
https://notcve.org/view.php?id=CVE-2018-5527
27 Jun 2018 — On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. En BIG-IP 13.1.0-13.1.0.7, un atacante remoto que emplea métodos no revelados contra servidores virt... • http://www.securitytracker.com/id/1041196 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5513
https://notcve.org/view.php?id=CVE-2018-5513
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a ... • http://www.securitytracker.com/id/1041017 • CWE-20: Improper Input Validation •