CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2018-15322
https://notcve.org/view.php?id=CVE-2018-15322
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.2.1-11.5.6; BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 o 4.6.0; BIG-IQ Cloud and Orchestration 1.0.0; iWorkflow 2.0.1-2.3.0 o Enterprise Manager 3.1.1, un usuario BIG-IP con acceso tmsh podría provocar que el sistema BIG-IP experimente una denegación de servicio (DoS) cuando este usuario emplea la utilidad tmsh para ejecutar el comando de preferencias edit cli y guarda los cambios repetidamente en otro nombre de archivo. Esta acción emplea almacenamiento de la partición /var y, cuando se realiza repetidamente, provoca que la partición /var se llene. • https://support.f5.com/csp/article/K28003839 •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2018-15315
https://notcve.org/view.php?id=CVE-2018-15315
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. En F5 BIG-IP 13.0.0-13.1.1.1 y 12.1.0-12.1.3.6, hay una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página Configuration Utility sin revelar. • http://www.securitytracker.com/id/1041935 https://support.f5.com/csp/article/K41704442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2018-15312
https://notcve.org/view.php?id=CVE-2018-15312
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. En F5 BIG-IP 13.0.0-13.1.1.1 y 12.1.0-12.1.3.6, existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página sin revelar de la utilidad de configuración de BIG-IP que permite que un usuario sin configurar ejecute JavaScript para el usuario autenticado actual. • http://www.securitytracker.com/id/1041932 https://support.f5.com/csp/article/K44462254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 52EXPL: 0CVE-2018-15311
https://notcve.org/view.php?id=CVE-2018-15311
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0. Cuando F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.5.1-11.5.6 está procesando tráfico TCP especialmente manipulado con la característica Large Receive Offload (LRO) habilitada, TMM podría cerrarse inesperadamente, conduciendo a un evento "failover". Esta vulnerabilidad no está expuesta a menos que LRO esté habilitado, por lo que la mayor parte de clientes afectados estarán en las versiones 13.1.x. • https://support.f5.com/csp/article/K07550539 •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •