CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5514
https://notcve.org/view.php?id=CVE-2018-5514
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. En F5 BIG-IP 13.1.0-13.1.0.5, los frames de petición HTTP/2 maliciosamente manipulados pueden conducir a una denegación de servicio (DoS). Hay una exposición del plano de datos para los servidores virtuales cuando el perfil HTTP2 está habilitado. • http://www.securityfocus.com/bid/104097 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5515
https://notcve.org/view.php?id=CVE-2018-5515
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. En F5 BIG-IP 13.0.0-13.1.0.5, el uso de respuestas de autenticación RADIUS de un servidor RADIUS con direcciones IPv6 podría hacer que TMM se cerrase inesperadamente, lo que conduce a un evento de conmutación por error. • http://www.securityfocus.com/bid/104099 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5519
https://notcve.org/view.php?id=CVE-2018-5519
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended. En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3 o 11.2.1-11.6.3.1, los usuarios administrativos pueden explotar la utilidad ssldump por medio de métodos no revelados par... • http://www.securitytracker.com/id/1040803 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5517
https://notcve.org/view.php?id=CVE-2018-5517
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. En F5 BIG-IP 13.1.0-13.1.0.5, los paquetes TCP mal formados enviados a una dirección IP propia o a un servidor virtual FastL4 podrían provocar una interrupción en el servicio. El plano de control no se ha visto expuesto a este problema. • http://www.securitytracker.com/id/1040805 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 26EXPL: 0CVE-2018-5518
https://notcve.org/view.php?id=CVE-2018-5518
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vuln... • http://www.securitytracker.com/id/1040797 •
CVSS: 4.4EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5520
https://notcve.org/view.php?id=CVE-2018-5520
02 May 2018 — On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. En un sistema F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1 o 11.2.1-11.6.3.1 configurado en modo Appliance, TMOS Shell (tmsh) podría permitir que un usuario administrativo emplee la utilidad dig para obtener acceso no autorizado a los recursos del sistema de archivos. • http://www.securitytracker.com/id/1040798 • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 2%CPEs: 30EXPL: 2CVE-2018-5511 – VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-5511
13 Apr 2018 — On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0 a la 13.1.0.3 o en la versión 13.0.0, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), también llamado utilidad BIG-IP Configuration, podrían no aplicarse la... • https://packetstorm.news/files/id/152213 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5505
https://notcve.org/view.php?id=CVE-2018-5505
22 Mar 2018 — On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. Desde la versión 13.0.0 hasta la 13.1.0.3 de F5 BIG-IP, cuando se proporciona tanto ASM como AVR, TMM podría reiniciarse al procesar peticiones DNS cuando el servidor virtual está configurado con un perfil DNS y la opción Protocol está marcada como TCP. • http://www.securityfocus.com/bid/103505 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5502
https://notcve.org/view.php?id=CVE-2018-5502
22 Mar 2018 — On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure. Desde la versión 13.0.0 hasta la 13.1.0.3 de F5 BIG-IP, los atacantes podrían ser capaces de interrumpir s... • http://www.securitytracker.com/id/1040561 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-5504
https://notcve.org/view.php?id=CVE-2018-5504
22 Mar 2018 — In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. En algunas circunstancias, el TMM (Traffic Management Microkernel) no gestiona correctamente algunas peticiones/respuestas Websockets mal formadas. Esto permite que atacantes remotos provoquen u... • http://www.securitytracker.com/id/1040558 •