CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5535
https://notcve.org/view.php?id=CVE-2018-5535
19 Jul 2018 — On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. En F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3 o 11.5.1-11.6.3, las respuestas HTTP específicamente manipuladas, al ser procesadas por un servidor virtual con un perfil QoE asociado que tiene el vídeo ha... • http://www.securitytracker.com/id/1041344 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5534
https://notcve.org/view.php?id=CVE-2018-5534
19 Jul 2018 — Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Bajo ciertas condiciones en F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1 o 11.5.0-11.5.6, TMM podría realizar un "core" al procesar tráfico SSL forward proxy. • http://www.securitytracker.com/id/1041343 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5527
https://notcve.org/view.php?id=CVE-2018-5527
27 Jun 2018 — On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. En BIG-IP 13.1.0-13.1.0.7, un atacante remoto que emplea métodos no revelados contra servidores virt... • http://www.securitytracker.com/id/1041196 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5513
https://notcve.org/view.php?id=CVE-2018-5513
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a ... • http://www.securitytracker.com/id/1041017 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 0CVE-2018-5523
https://notcve.org/view.php?id=CVE-2018-5523
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 y Enterprise Manager 3.1.1, cuando los usuarios administrativos a... • http://www.securitytracker.com/id/1041022 •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2018-5525
https://notcve.org/view.php?id=CVE-2018-5525
01 Jun 2018 — A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data. Existe una vulnerabilidad de archivos locales en la utilidad de configuración de F5 BIG-IP en las versiones 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 que solo incluye datos proporcion... • http://www.securitytracker.com/id/1041018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2017-6153
https://notcve.org/view.php?id=CVE-2017-6153
01 Jun 2018 — Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. Las características en el sistema F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 que emplean directamente la funcionalidad inflate, mediante un iRule o mediante el código inflate del módulo PEM están sujetos... • http://www.securitytracker.com/id/1041024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5512
https://notcve.org/view.php?id=CVE-2018-5512
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. En F5 BIG-IP 13.1.0-13.1.0.5, cuando las cookies Large Receive Offload (LRO) y SYN están habilitadas (configuración por defecto), los patrones de tráfico no revelados pueden hacer que TMM se reinicie. • http://www.securityfocus.com/bid/104095 •
CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0CVE-2018-5516
https://notcve.org/view.php?id=CVE-2018-5516
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. En F5 BIG-IP 13.0.0-13.1.0.5... • http://www.securitytracker.com/id/1040799 • CWE-732: Incorrect Permission Assignment for Critical Resource •