CVSS: 7.5EPSS: 0%CPEs: 88EXPL: 0CVE-2017-6132
https://notcve.org/view.php?id=CVE-2017-6132
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y Websafe, en versiones de software 13.0.0, de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.5.0 a ... • http://www.securityfocus.com/bid/102333 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 104EXPL: 0CVE-2017-6164
https://notcve.org/view.php?id=CVE-2017-6164
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ... • http://www.securitytracker.com/id/1040054 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0301
https://notcve.org/view.php?id=CVE-2017-0301
21 Dec 2017 — In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected. En F5 BIG-IP APM, en sus versiones 1.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 y 12.1.2, las peticiones de acceso al portal BIG-IP APM no dev... • http://www.securitytracker.com/id/1040040 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6135
https://notcve.org/view.php?id=CVE-2017-6135
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe en su versión 13.0.0, una fuga de memoria lenta producida por paquetes IPv4 e IPv6 no revelados enviados al puerto de gestión de BIG-IP o a su... • http://www.securitytracker.com/id/1040050 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6167
https://notcve.org/view.php?id=CVE-2017-6167
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las condiciones de carrera en iControl REST pueden conducir a la ejecución de comandos con niveles de privilegios diferentes a los... • http://www.securitytracker.com/id/1040053 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 176EXPL: 0CVE-2017-6140
https://notcve.org/view.php?id=CVE-2017-6140
21 Dec 2017 — On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. En los productos BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800 y los ... • http://www.securitytracker.com/id/1040042 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6133
https://notcve.org/view.php?id=CVE-2017-6133
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones HTTP no reveladas podrían provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/102467 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-6138
https://notcve.org/view.php?id=CVE-2017-6138
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y ... • http://www.securitytracker.com/id/1040051 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6166
https://notcve.org/view.php?id=CVE-2017-6166
22 Nov 2017 — In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device. En el software BIG-IP LTM, AAM, AFM, An... • http://www.securityfocus.com/bid/102264 • CWE-415: Double Free •
CVSS: 7.4EPSS: 0%CPEs: 27EXPL: 0CVE-2017-6168
https://notcve.org/view.php?id=CVE-2017-6168
17 Nov 2017 — On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack... • http://www.securityfocus.com/bid/101901 • CWE-203: Observable Discrepancy •