Show filters
273 Total Results
Displaying 141-150 of 273
Sort by:
Attacker Value
Unknown

CVE-2018-15311

Disclosure Date: October 10, 2018 (last updated November 27, 2024)
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.
0
0
Attacker Value
Unknown

CVE-2018-5391

Disclosure Date: September 06, 2018 (last updated November 08, 2023)
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-5390

Disclosure Date: August 06, 2018 (last updated November 08, 2023)
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-8032

Disclosure Date: August 02, 2018 (last updated November 08, 2023)
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-5542

Disclosure Date: July 25, 2018 (last updated November 27, 2024)
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.
0
0
Attacker Value
Unknown

CVE-2018-5537

Disclosure Date: July 25, 2018 (last updated November 27, 2024)
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.
0
0
Attacker Value
Unknown

CVE-2018-5531

Disclosure Date: July 25, 2018 (last updated November 27, 2024)
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2).
0
0
Attacker Value
Unknown

CVE-2018-5530

Disclosure Date: July 25, 2018 (last updated November 27, 2024)
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
0
0
Attacker Value
Unknown

CVE-2018-5535

Disclosure Date: July 19, 2018 (last updated November 27, 2024)
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.
0
0
Attacker Value
Unknown

CVE-2018-5534

Disclosure Date: July 19, 2018 (last updated November 27, 2024)
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.
0
0
View More Topics  < Previous  Next >