CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2019-6663
https://notcve.org/view.php?id=CVE-2019-6663
15 Nov 2019 — The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. BIG-IP versiones 15.0.0 hasta 15.0.1, 14.0.0 hasta 14.1.2.2, 13.1.0 hasta 13.1.3.1, 12.1.0 hasta 12.1.5 y 11.5.1 hasta 11.6.5.1, BIG-IQ versión 7.0. 0, versiones 6.0.0 hasta 6.1.0 y versiones 5.2.0 hasta 5.4.0, iWorkflow versión 2.3.0 y la utilid... • https://support.f5.com/csp/article/K76052144 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
12 Nov 2019 — Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de u... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.5EPSS: 0%CPEs: 83EXPL: 0CVE-2018-14468 – tcpdump: Buffer over-read in mfr_print() function in print-fr.c
https://notcve.org/view.php?id=CVE-2018-14468
01 Oct 2019 — The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). El analizador FRF.16 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-fr.c:mfr_print(). An out-of-bounds read vulnerability was discovered in tcpdump while printing FRF.16 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. Re... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 83EXPL: 1CVE-2018-14880 – tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c
https://notcve.org/view.php?id=CVE-2018-14880
01 Oct 2019 — The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). El analizador OSPFv3 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en la función print-ospf6.c:ospf6_print_lshdr(). An out-of-bounds read vulnerability was discovered in tcpdump while printing OSPFv3 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the f... • https://github.com/Trinadh465/external_tcpdump_CVE-2018-14880 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-6656
https://notcve.org/view.php?id=CVE-2019-6656
25 Sep 2019 — BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. BIG-IP APM Edge Client versiones anteriores a 7.1.8 (718... • https://support.f5.com/csp/article/K23876153 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 83EXPL: 0CVE-2019-6651
https://notcve.org/view.php?id=CVE-2019-6651
25 Sep 2019 — In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. En BIG-IP versiones 15.0.0, 14.1.0 hasta 14.1.0.6, 14.0.0 hasta 14.0.0.5, 13.0.0 hasta 13.1.1.5, 12.1.0 hasta 12.1.4.1, 11.5.1 hasta 11.6.4, BIG-IQ versiones 7.0.0, 6.0.0 hasta 6.1.0, 5.2.0 hasta 5.4.0, iWorkflow v... • https://support.f5.com/csp/article/K89509323 • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 92EXPL: 0CVE-2019-6649
https://notcve.org/view.php?id=CVE-2019-6649
20 Sep 2019 — F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. F5 BIG-IP versiones 15.0.0, 14.1.0 hasta 14.1.0.6, 14.0.0 hasta 14.0.0.5, 13.0.0 hasta 13.1.1.5, 12.1.0 hasta 12.1.4.1, 11.6.0 hasta 11.6.4 y 11.5.1 hasta 11.5.9 y Enterprise Manager versión 3.1.1, pueden exponer información confidencial... • https://support.f5.com/csp/article/K05123525 •
CVSS: 9.1EPSS: 1%CPEs: 81EXPL: 2CVE-2019-10744 – nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
https://notcve.org/view.php?id=CVE-2019-10744
25 Jul 2019 — Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. Las versiones de lodash inferiores a 4.17.12, son vulnerables a la Contaminación de Prototipo. La función defaultsDeep podría ser engañada para agregar o modificar las propiedades de Object.prototype usando una carga útil de constructor. A Prototype Pollution vulnerability was found in lodash. • https://github.com/ossf-cve-benchmark/CVE-2019-10744 • CWE-20: Improper Input Validation CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.0EPSS: 0%CPEs: 69EXPL: 0CVE-2019-6642
https://notcve.org/view.php?id=CVE-2019-6642
01 Jul 2019 — In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. En BIG-IP versiones 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.... • https://support.f5.com/csp/article/K40378764 •
CVSS: 5.9EPSS: 0%CPEs: 109EXPL: 0CVE-2019-6471 – A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
https://notcve.org/view.php?id=CVE-2019-6471
20 Jun 2019 — A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. Una condición de carrera que puede presentarse al descartar paquetes malformados puede provocar la salida de B... • https://kb.isc.org/docs/cve-2019-6471 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •