CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5535
https://notcve.org/view.php?id=CVE-2018-5535
19 Jul 2018 — On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. En F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3 o 11.5.1-11.6.3, las respuestas HTTP específicamente manipuladas, al ser procesadas por un servidor virtual con un perfil QoE asociado que tiene el vídeo ha... • http://www.securitytracker.com/id/1041344 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 92EXPL: 1CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
06 Jul 2018 — The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non... • https://www.exploit-db.com/exploits/45033 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5527
https://notcve.org/view.php?id=CVE-2018-5527
27 Jun 2018 — On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. En BIG-IP 13.1.0-13.1.0.7, un atacante remoto que emplea métodos no revelados contra servidores virt... • http://www.securitytracker.com/id/1041196 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5513
https://notcve.org/view.php?id=CVE-2018-5513
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a ... • http://www.securitytracker.com/id/1041017 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 0CVE-2018-5523
https://notcve.org/view.php?id=CVE-2018-5523
01 Jun 2018 — On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 y Enterprise Manager 3.1.1, cuando los usuarios administrativos a... • http://www.securitytracker.com/id/1041022 •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2017-6153
https://notcve.org/view.php?id=CVE-2017-6153
01 Jun 2018 — Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. Las características en el sistema F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 que emplean directamente la funcionalidad inflate, mediante un iRule o mediante el código inflate del módulo PEM están sujetos... • http://www.securitytracker.com/id/1041024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5512
https://notcve.org/view.php?id=CVE-2018-5512
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. En F5 BIG-IP 13.1.0-13.1.0.5, cuando las cookies Large Receive Offload (LRO) y SYN están habilitadas (configuración por defecto), los patrones de tráfico no revelados pueden hacer que TMM se reinicie. • http://www.securityfocus.com/bid/104095 •
CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0CVE-2018-5516
https://notcve.org/view.php?id=CVE-2018-5516
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. En F5 BIG-IP 13.0.0-13.1.0.5... • http://www.securitytracker.com/id/1040799 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5514
https://notcve.org/view.php?id=CVE-2018-5514
02 May 2018 — On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. En F5 BIG-IP 13.1.0-13.1.0.5, los frames de petición HTTP/2 maliciosamente manipulados pueden conducir a una denegación de servicio (DoS). Hay una exposición del plano de datos para los servidores virtuales cuando el perfil HTTP2 está habilitado. • http://www.securityfocus.com/bid/104097 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5515
https://notcve.org/view.php?id=CVE-2018-5515
02 May 2018 — On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. En F5 BIG-IP 13.0.0-13.1.0.5, el uso de respuestas de autenticación RADIUS de un servidor RADIUS con direcciones IPv6 podría hacer que TMM se cerrase inesperadamente, lo que conduce a un evento de conmutación por error. • http://www.securityfocus.com/bid/104099 • CWE-20: Improper Input Validation •