diff --git a/2017/6xxx/CVE-2017-6143.json b/2017/6xxx/CVE-2017-6143.json
index 701d7a8a057..384a5df8a1d 100644
--- a/2017/6xxx/CVE-2017-6143.json
+++ b/2017/6xxx/CVE-2017-6143.json
@@ -41,7 +41,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5."
+ "value" : "X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5."
 }
 ]
 },
@@ -60,6 +60,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K11464209",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K11464209"
 }
 ]
diff --git a/2017/6xxx/CVE-2017-6148.json b/2017/6xxx/CVE-2017-6148.json
index 66d2fe5e81d..69db1c019bd 100644
--- a/2017/6xxx/CVE-2017-6148.json
+++ b/2017/6xxx/CVE-2017-6148.json
@@ -44,7 +44,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Responses to SOCKS proxy requests made through BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability."
+ "value" : "Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability."
 }
 ]
 },
@@ -63,6 +63,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K55225440",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K55225440"
 }
 ]
diff --git a/2017/6xxx/CVE-2017-6155.json b/2017/6xxx/CVE-2017-6155.json
index f89e3dcee65..28764feead1 100644
--- a/2017/6xxx/CVE-2017-6155.json
+++ b/2017/6xxx/CVE-2017-6155.json
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure."
+ "value" : "On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K10930474",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K10930474"
 }
 ]
diff --git a/2017/6xxx/CVE-2017-6156.json b/2017/6xxx/CVE-2017-6156.json
index 57ddb0d1114..38e0977be32 100644
--- a/2017/6xxx/CVE-2017-6156.json
+++ b/2017/6xxx/CVE-2017-6156.json
@@ -44,7 +44,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "When the BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration."
+ "value" : "When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration."
 }
 ]
 },
@@ -63,6 +63,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K05263202",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K05263202"
 }
 ]
diff --git a/2017/6xxx/CVE-2017-6158.json b/2017/6xxx/CVE-2017-6158.json
index 52fb29266ac..e3258c69d35 100644
--- a/2017/6xxx/CVE-2017-6158.json
+++ b/2017/6xxx/CVE-2017-6158.json
@@ -44,7 +44,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses"
+ "value" : "In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses."
 }
 ]
 },
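Review bot: The rewritten `value` for CVE-2017-6156 still reads "in many environment this limits the attack surface", so the typo is carried into the new text; it should read `in many environments this limits the attack surface`. Two other descriptions rewritten in this commit carry over similar slips: CVE-2018-5508 has "compressed data though a Virtual Server" (presumably "through"), and CVE-2018-5506 has "to obtain which SSL client certificates used", which is missing a verb. These lines are being touched anyway, so correcting them here keeps the published text clear for readers who triage from the description alone.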
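Review bot: The new `value` for CVE-2017-6158 adds the vendor name and a full stop but still says only that "there is a vulnerability in TMM related to handling of invalid IP addresses", with no impact and no precondition. A reader cannot tell from this record whether the outcome is a service disruption, a bypass or something else, so severity triage depends on opening the vendor article. Consider extending the sentence with the impact and exposure conditions as they are stated in the referenced F5 article K19361245, in the same style as the CVE-2017-6148 and CVE-2017-6155 descriptions in this commit.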
@@ -63,6 +63,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K19361245",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K19361245"
 }
 ]
diff --git a/2018/10xxx/CVE-2018-10066.json b/2018/10xxx/CVE-2018-10066.json
index a57293d5e49..16bd12d896d 100644
--- a/2018/10xxx/CVE-2018-10066.json
+++ b/2018/10xxx/CVE-2018-10066.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-10066",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels)."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security",
+ "refsource" : "MISC",
+ "url" : "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10087.json b/2018/10xxx/CVE-2018-10087.json
new file mode 100644
index 00000000000..e36c21c96a6
--- /dev/null
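Review bot: The `affects` block added to CVE-2018-10066 sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the next hunk names MikroTik RouterOS 6.41.4. Tooling that matches an asset inventory against the structured fields, rather than parsing the prose, will not associate this record with the affected product. If the record conventions allow it at publication time, fill them in, e.g. `"vendor_name" : "MikroTik"`, `"product_name" : "RouterOS"`, `"version_value" : "6.41.4"`. The new file CVE-2018-10087.json has the same gap: its description says "Linux kernel before 4.13" while its `affects` block is all `n/a`. In both records `problemtype` is also `n/a`.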
+++ b/2018/10xxx/CVE-2018-10087.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-10087",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
+ "refsource" : "MISC",
+ "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
+ },
+ {
+ "name" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
+ "refsource" : "MISC",
+ "url" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
+ },
+ {
+ "name" : "https://news.ycombinator.com/item?id=2972021",
+ "refsource" : "MISC",
+ "url" : "https://news.ycombinator.com/item?id=2972021"
+ }
+ ]
+ }
+}
diff --git a/2018/5xxx/CVE-2018-5506.json b/2018/5xxx/CVE-2018-5506.json
index 871205aafae..8e6073802db 100644
--- a/2018/5xxx/CVE-2018-5506.json
+++ b/2018/5xxx/CVE-2018-5506.json
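Review bot: The first entry in `reference_data` for CVE-2018-10087 links the fix commit over plain `http://git.kernel.org/...`, while the second entry gives the same commit id on GitHub over HTTPS. If the kernel.org host serves that path over TLS, write both `name` and `url` with `https://`, so that a defender following the link to confirm the patch retrieves it over an authenticated channel. The third entry, `https://news.ycombinator.com/item?id=2972021`, is a discussion thread tagged `MISC`, and nothing in the record says what it is cited for. It is worth confirming that it belongs here, since it is neither a fix nor an advisory.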
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices."
+ "value" : "In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K65355492",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K65355492"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5507.json b/2018/5xxx/CVE-2018-5507.json
index 1ff5801cb7b..8cc8d7ea80f 100644
--- a/2018/5xxx/CVE-2018-5507.json
+++ b/2018/5xxx/CVE-2018-5507.json
@@ -44,7 +44,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU."
+ "value" : "On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU."
 }
 ]
 },
@@ -63,6 +63,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K52521791",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K52521791"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5508.json b/2018/5xxx/CVE-2018-5508.json
index d0159e9f113..f400233fac5 100644
--- a/2018/5xxx/CVE-2018-5508.json
+++ b/2018/5xxx/CVE-2018-5508.json
@@ -47,7 +47,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option."
+ "value" : "On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option."
 }
 ]
 },
@@ -66,6 +66,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K10329515",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K10329515"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5510.json b/2018/5xxx/CVE-2018-5510.json
index bd9be074718..181d29959aa 100644
--- a/2018/5xxx/CVE-2018-5510.json
+++ b/2018/5xxx/CVE-2018-5510.json
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers."
+ "value" : "On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers."
 }
 ]
 },
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K77671456",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K77671456"
 }
 ]
diff --git a/2018/5xxx/CVE-2018-5511.json b/2018/5xxx/CVE-2018-5511.json
index e1b6026d98b..06bc080af65 100644
--- a/2018/5xxx/CVE-2018-5511.json
+++ b/2018/5xxx/CVE-2018-5511.json
@@ -38,7 +38,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "On BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
+ "value" : "On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
 }
 ]
 },
@@ -57,6 +57,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://support.f5.com/csp/article/K30500703",
+ "refsource" : "CONFIRM",
 "url" : "https://support.f5.com/csp/article/K30500703"
 }
 ]
diff --git a/2018/6xxx/CVE-2018-6958.json b/2018/6xxx/CVE-2018-6958.json
index d8c9d0e1def..5a67c3f05b1 100644
--- a/2018/6xxx/CVE-2018-6958.json
+++ b/2018/6xxx/CVE-2018-6958.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html",
+ "refsource" : "CONFIRM",
 "url" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html"
 }
 ]
diff --git a/2018/6xxx/CVE-2018-6959.json b/2018/6xxx/CVE-2018-6959.json
index 5e2ba8ef787..e8e7594e042 100644
--- a/2018/6xxx/CVE-2018-6959.json
+++ b/2018/6xxx/CVE-2018-6959.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html",
+ "refsource" : "CONFIRM",
 "url" : "http://www.vmware.com/security/advisories/VMSA-2018-0009.html"
 }
 ]
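Review bot: The `name` added to the CVE-2018-6958 reference copies the existing `url` with its `http://` scheme, so the record's only `CONFIRM` link to the vendor advisory is a cleartext one. If the vendor serves the advisory over TLS, change both fields, e.g. `"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0009.html"` with the matching `name`, so that readers verifying the fix do not fetch it over a channel that can be altered in transit. The CVE-2018-6959 hunk adds the identical reference and would need the same change. The F5 hunks in this commit already use `https://` for their `CONFIRM` links.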