CVE-2016-7475
- EPSS 1.32%
- Veröffentlicht 08.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 02:58:04
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
CVE-2018-14634
- EPSS 14.81%
- Veröffentlicht 25.09.2018 21:29:00
- Zuletzt bearbeitet 27.01.2026 15:55:15
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6...
CVE-2018-15310
- EPSS 0.87%
- Veröffentlicht 13.09.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:50:31
A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.
CVE-2018-5548
- EPSS 1.45%
- Veröffentlicht 13.09.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:02
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks...
CVE-2018-5549
- EPSS 1.78%
- Veröffentlicht 13.09.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:03
On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.
CVE-2018-5391
- EPSS 24.58%
- Veröffentlicht 06.09.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:43
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments...
CVE-2018-5546
- EPSS 0.45%
- Veröffentlicht 17.08.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:02
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A maliciou...
CVE-2018-5390
- EPSS 73.54%
- Veröffentlicht 06.08.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 04:08:43
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-5544
- EPSS 2.47%
- Veröffentlicht 31.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:02
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.
CVE-2018-5530
- EPSS 1.78%
- Veröffentlicht 25.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:00
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".