The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TMOS

computer threat note CVE-2018-5527

F5 BIG-IP: memory leak via SSL Forward Proxy

Synthesis of the vulnerability

An attacker can create a memory leak via SSL Forward Proxy of F5 BIG-IP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/06/2018.
Identifiers: CVE-2018-5527, K20134942, VIGILANCE-VUL-26560.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a memory leak via SSL Forward Proxy of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security weakness CVE-2018-5528

F5 BIG-IP APM: denial of service via TMM

Synthesis of the vulnerability

An attacker can generate a fatal error via TMM of F5 BIG-IP APM, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/06/2018.
Identifiers: CVE-2018-5528, K27044729, VIGILANCE-VUL-26556.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via TMM of F5 BIG-IP APM, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2018-3665

Intel Microprocessors: information disclosure via Lazy FP State Restore

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Lazy FP State Restore of Intel Microprocessors, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 14/06/2018.
Identifiers: ADV180016, CERTFR-2018-AVI-290, CERTFR-2018-AVI-292, CERTFR-2018-AVI-295, CERTFR-2018-AVI-296, CERTFR-2018-AVI-299, CERTFR-2018-AVI-301, CERTFR-2018-AVI-308, CERTFR-2018-AVI-312, CERTFR-2018-AVI-319, CERTFR-2018-AVI-321, CERTFR-2018-AVI-330, CERTFR-2018-AVI-584, CTX235745, CVE-2018-3665, DLA-1422-1, DLA-1422-2, DSA-4232-1, FEDORA-2018-d3cb6f113c, FG-IR-18-002, FreeBSD-SA-18:07.lazyfpu, HT208937, ibm10742755, INTEL-SA-00145, JSA10917, K21344224, openSUSE-SU-2018:1773-1, openSUSE-SU-2018:2116-1, openSUSE-SU-2018:2211-1, RHSA-2018:1852-01, RHSA-2018:1944-01, RHSA-2018:2164-01, RHSA-2018:2165-01, RHSA-2019:1170-01, RHSA-2019:1190-01, SUSE-SU-2018:1761-1, SUSE-SU-2018:1762-1, SUSE-SU-2018:1772-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1821-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1849-1, SUSE-SU-2018:1855-1, SUSE-SU-2018:1981-1, SUSE-SU-2018:2037-1, SUSE-SU-2018:2056-1, SUSE-SU-2018:2059-1, SUSE-SU-2018:2069-1, SUSE-SU-2018:2081-1, SUSE-SU-2018:2528-1, Synology-SA-18:31, USN-3696-1, USN-3696-2, USN-3698-1, USN-3698-2, VIGILANCE-VUL-26423, XSA-267.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Lazy FP State Restore of Intel Microprocessors, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2018-5526

F5 BIG-IP: denial of service via Behavioral DoS

Synthesis of the vulnerability

An attacker can generate a fatal error via Behavioral DoS of F5 BIG-IP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-5526, K62201098, VIGILANCE-VUL-26281.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Behavioral DoS of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-5522

F5 BIG-IP: denial of service via DIAMETER

Synthesis of the vulnerability

An attacker can send malicious DIAMETER packets to F5 BIG-IP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-5522, K54130510, VIGILANCE-VUL-26280.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can send malicious DIAMETER packets to F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-5524

F5 BIG-IP: denial of service via SSL Profiles

Synthesis of the vulnerability

An attacker can generate a fatal error via SSL Profiles of F5 BIG-IP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-5524, K53931245, VIGILANCE-VUL-26279.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via SSL Profiles of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2017-6153

F5 BIG-IP: denial of service via Inflate Zip Bomb

Synthesis of the vulnerability

An attacker can generate a fatal error via Inflate Zip Bomb of F5 BIG-IP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2017-6153, K52167636, VIGILANCE-VUL-26278.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Inflate Zip Bomb of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2018-5523

F5 BIG-IP: privilege escalation via Configuration Utility

Synthesis of the vulnerability

An attacker can bypass restrictions via Configuration Utility of F5 BIG-IP, in order to escalate his privileges.
Severity: 2/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-5523, K50254952, VIGILANCE-VUL-26277.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Configuration Utility of F5 BIG-IP, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2018-5513

F5 BIG-IP: denial of service via TLS Handshake

Synthesis of the vulnerability

An attacker can generate a fatal error via TLS Handshake of F5 BIG-IP, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 31/05/2018.
Identifiers: CVE-2018-5513, K46940010, VIGILANCE-VUL-26276.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via TLS Handshake of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TMOS: