Total
10428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5517 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | |||||
| CVE-2018-5515 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 6.3 MEDIUM | 4.4 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. | |||||
| CVE-2018-5514 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. | |||||
| CVE-2018-5513 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. | |||||
| CVE-2018-5510 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers. | |||||
| CVE-2018-5509 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. | |||||
| CVE-2018-5503 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. | |||||
| CVE-2018-5499 | 1 Atto | 2 Fibrebridge 7500n, Fibrebridge 7500n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2018-5498 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | |||||
| CVE-2018-5492 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-5488 | 1 Netapp | 2 Santricity Storage Manager, Santricity Web Services Proxy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-5487 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-5474 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. | |||||
| CVE-2018-5447 | 1 Nrec | 2 Pcs-9611, Pcs-9611 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. | |||||
| CVE-2018-5441 | 1 Phoenixcontact | 46 Mguard Centerport, Mguard Centerport Firmware, Mguard Core Tx Vpn and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. | |||||
| CVE-2018-5391 | 7 Canonical, Debian, F5 and 4 more | 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. | |||||
| CVE-2018-5341 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | |||||
| CVE-2018-5279 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). | |||||
| CVE-2018-5278 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 6.1 MEDIUM | 3.3 LOW |
| In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). | |||||
| CVE-2018-5277 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). | |||||