CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2019-6640
https://notcve.org/view.php?id=CVE-2019-6640
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4 y 11.5.1-11.5 .8, SNMP expone objetos de configuración sensibles sobre canales de transmisión no seguros. Este problema ... • http://www.securityfocus.com/bid/109089 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.4EPSS: 0%CPEs: 78EXPL: 0CVE-2019-6635
https://notcve.org/view.php?id=CVE-2019-6635
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. En BIG-IP versiones 4.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.1-11.5.8, cuando el sistema BIG-IP tiene licencia para el modo Appliance, un usuario con los roles de administrador o admini... • http://www.securityfocus.com/bid/109098 •
CVSS: 4.4EPSS: 0%CPEs: 78EXPL: 0CVE-2019-6633
https://notcve.org/view.php?id=CVE-2019-6633
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4, cuando el BIG-IP El sistema tiene licencia con el modo de dispositivo, las cuentas de usuario con roles de administrador y administrador de recursos pueden om... • http://www.securityfocus.com/bid/109113 •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2019-6631
https://notcve.org/view.php?id=CVE-2019-6631
03 Jul 2019 — On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs. En BIG-IP 11.5.1-11.6.4, los iRules que realizan la manipulación del encabezado HTTP pueden causar una interrupción en el servicio cuando se procesa el tráfico manejado por un servidor virtual con un perfil HTTP asociado, en circunstancias espe... • http://www.securityfocus.com/bid/109119 •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6625
https://notcve.org/view.php?id=CVE-2019-6625
03 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility. En BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, y 11.5.1-11.6.4, un Cross-Site reflejado Existe una vulnerabilidad de scripting (XSS) en una página no revelada de la Interfaz de usuario de gestión de trá... • https://support.f5.com/csp/article/K79902360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 52EXPL: 0CVE-2019-6622
https://notcve.org/view.php?id=CVE-2019-6622
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4, un iControl REST worker no revelado es vulnerable a la inyección de comandos por parte de un usuario administrador o un usuario ad... • https://support.f5.com/csp/article/K44885536 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 3%CPEs: 80EXPL: 0CVE-2019-6621
https://notcve.org/view.php?id=CVE-2019-6621
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, y 11.5.2-11.5.8 y BIG-IQ versiones 7.0.0-7.1.0.2, 6.0.0-6.1.0, y 5.1.0... • https://support.f5.com/csp/article/K20541896 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 1%CPEs: 54EXPL: 0CVE-2019-6620
https://notcve.org/view.php?id=CVE-2019-6620
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4 y BIG-IQ versiones 6.0. 0-6.1.0 y 5.1.0-5.4.0, un iControl REST worker no revelado es vulnerable a la inyección de comandos para un usuario Administrador. • https://support.f5.com/csp/article/K20445457 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 69EXPL: 0CVE-2019-6642
https://notcve.org/view.php?id=CVE-2019-6642
01 Jul 2019 — In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. En BIG-IP versiones 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.... • https://support.f5.com/csp/article/K40378764 •
CVSS: 8.8EPSS: 1%CPEs: 21EXPL: 0CVE-2019-13135 – ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
https://notcve.org/view.php?id=CVE-2019-13135
01 Jul 2019 — ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de "use of uninitialized value" en la función ReadCUTImage in coders/cut.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •