CVE-2018-5743 – Limiting simultaneous TCP clients was ineffective
https://notcve.org/view.php?id=CVE-2018-5743
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. • https://kb.isc.org/docs/cve-2018-5743 https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medium=RSS https://www.synology.com/security/advisory/Synology_SA_19_20 https://access.redhat.com/security/cve/CVE-2018-5743 https://bugzilla.redhat.com/show_bug.cgi?id=1702541 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-6609
https://notcve.org/view.php?id=CVE-2019-6609
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. • https://support.f5.com/csp/article/K18535734 • CWE-522: Insufficiently Protected Credentials •
CVE-2019-6608
https://notcve.org/view.php?id=CVE-2019-6608
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests. En BIG-IP, 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, bajo ciertas circunstancias, el demonio snmpd podría divulgar memoria en un invitado BIG-IP vCMP con varios blades al procesar peticiones SNMP autorizadas. • https://support.f5.com/csp/article/K12139752 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-6606
https://notcve.org/view.php?id=CVE-2019-6606
On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. EN BIG-IP, en versiones 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3 y 14.0.0-14.0.0.2, al procesar determinadas peticiones SNMP con un "request-id" de 0, el proceso snmpd puede divulgar una pequeña cantidad de memoria. • http://www.securityfocus.com/bid/107636 https://support.f5.com/csp/article/K35209601 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-6604
https://notcve.org/view.php?id=CVE-2019-6604
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. En BIG-IP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, en determinadas circunstancias, los sistemas de hardware con un puente de velocidad alta que utilizan configuraciones de reenvío de la capa 2 no establecidas por defecto podrían experimentar el bloqueo de dicho puente. • https://support.f5.com/csp/article/K26455071 •