CVE-2018-15312
https://notcve.org/view.php?id=CVE-2018-15312
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. En F5 BIG-IP 13.0.0-13.1.1.1 y 12.1.0-12.1.3.6, existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página sin revelar de la utilidad de configuración de BIG-IP que permite que un usuario sin configurar ejecute JavaScript para el usuario autenticado actual. • http://www.securitytracker.com/id/1041932 https://support.f5.com/csp/article/K44462254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-15315
https://notcve.org/view.php?id=CVE-2018-15315
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. En F5 BIG-IP 13.0.0-13.1.1.1 y 12.1.0-12.1.3.6, hay una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página Configuration Utility sin revelar. • http://www.securitytracker.com/id/1041935 https://support.f5.com/csp/article/K41704442 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-15311
https://notcve.org/view.php?id=CVE-2018-15311
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0. Cuando F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.5.1-11.5.6 está procesando tráfico TCP especialmente manipulado con la característica Large Receive Offload (LRO) habilitada, TMM podría cerrarse inesperadamente, conduciendo a un evento "failover". Esta vulnerabilidad no está expuesta a menos que LRO esté habilitado, por lo que la mayor parte de clientes afectados estarán en las versiones 13.1.x. • https://support.f5.com/csp/article/K07550539 •
CVE-2016-7475
https://notcve.org/view.php?id=CVE-2016-7475
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. En algunas circunstancias en BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1 o 11.4.0-11.5.4 HF1, Traffic Management Microkernel (TMM) podría no limpiar correctamente las conexiones de red de miembros del grupo al emplear los perfiles del servidor virtual SPDY o HTTP/2. • https://support.f5.com/csp/article/K01587042 • CWE-20: Improper Input Validation •
CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •