F5 Networks BIG-IP : BIG-IP ASM and BIG-IP AFM/BIG-IP Analytics vulnerability (K23520761)

On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these modules AFM/AVR are provisioned, the Traffic Management Microkernel TMM may restart while processing DNS requests when thevirtual server is configured with a DNS profile and the Protocol setting is set to TCP . CVE-2018-5505 Note :...

F5 Networks BIG-IP : BIG-IP ASM data processing vulnerability (K38243073)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.3 / 12.1.3.2 / 13.1.0. It is, therefore, affected by a vulnerability as referenced in the K38243073 advisory. - On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may...

F5 Networks BIG-IP : BIG-IP ASM vulnerability (K12403422)

When the BIG-IP ASM system processes HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2018-5541 Impact BIG-IP When this vulnerability is exploited, the BIG-IP ASM system may experience a denial of service DoS. BIG-IP systems th...

Netwide Assembler Null Pointer Dereference Vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A null pointer dereference vulnerability exists in the asm/labels.c file in NASM, which can be exploited to cause a denial of service null pointer backreference with the help of a specially crafted fil...

CVE-2018-16517

CVE-2018-16517 affects NASM: a NULL pointer dereference in asm/labels.c can allow a denial of service via a crafted input file. The vulnerability is documented in multiple advisories and Nessus plugins, and is addressed by NASM 2.14.02+/later patches in several distributions (e.g., openSUSE/SUSE ...

CVE-2018-1000667

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption crashed of nasm when handling a crafted file due to function assemblefileinname, dependptr at asm/nasm.c:482. vulnerability in function assemblefileinname, dependptr at asm/nasm.c:482. that can result in...

Memory corruption

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption crashed of nasm when handling a crafted file due to function assemblefileinname, dependptr at asm/nasm.c:482. vulnerability in function assemblefileinname, dependptr at asm/nasm.c:482. that can result in...

CVE-2018-1000667

CVE-2018-1000667 is referenced in connected content as a memory corruption (crash) in Netwide Assembler (NASM) when handling a crafted file. Specifically, the issue is described in the function assemble_file(inname, depend_ptr) at asm/nasm.c:482, affecting NASM 2.14rc15 and earlier. The vulnerabi...

CVE-2018-5541

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

CVE-2018-5539

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file...

CVE-2018-5539

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file...

Cross site request forgery (csrf)

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file...

Code injection

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

CVE-2018-5539

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file...

CVE-2018-5541

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

CVE-2018-5539

The CVE affects F5 BIG-IP ASM. Conditions when processing CSRF protections may cause the bd process to restart and write a core file, leaving the ASM unable to process traffic. Affected versions include 13.0.0–13.1.0.7, 12.1.0–12.1.3.5, 11.6.0–11.6.3.1, 11.5.1–11.5.6, and 11.2.1. Remediation per ...

CVE-2018-5541

CVE-2018-5541 affects F5 BIG-IP ASM (BD process) where processing HTTP requests with an unusually large number of parameters can cause excessive CPU usage, leading to a DoS. Affected versions include BIG-IP ASM 13.0.0–13.1.0.1, 12.1.0–12.1.3.5, 11.6.0–11.6.3.1, and 11.5.1–11.5.6. Mitigation is to...

CVE-2018-5526

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS BADOS protection may fail during an attack...

Design/Logic Flaw

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS BADOS protection may fail during an attack...

CVE-2018-5526

The vulnerability CVE-2018-5526 affects F5 BIG-IP ASM (Application Security Manager) where Behavioral DoS (BADoS) protection may fail under attack. Affected releases include BIG-IP ASM 13.1.0 through 13.1.0.5; the advisory indicates fixes were introduced in 13.1.0.6 (and related updates) and list...