CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6624
https://notcve.org/view.php?id=CVE-2019-6624
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS). En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 y 12.1.0-12.1.4, un patrón de tráfico no revelado enviado hacia un servidor virtual BIG-IP UDP puede conllevar a una denegación de servicio (DoS). • https://support.f5.com/csp/article/K07127032 •
CVSS: 7.2EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6622
https://notcve.org/view.php?id=CVE-2019-6622
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4, un iControl REST worker no revelado es vulnerable a la inyección de comandos por parte de un usuario administrador o un usuario ad... • https://support.f5.com/csp/article/K44885536 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 80EXPL: 0CVE-2019-6621
https://notcve.org/view.php?id=CVE-2019-6621
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, y 11.5.2-11.5.8 y BIG-IQ versiones 7.0.0-7.1.0.2, 6.0.0-6.1.0, y 5.1.0... • https://support.f5.com/csp/article/K20541896 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 54EXPL: 0CVE-2019-6620
https://notcve.org/view.php?id=CVE-2019-6620
02 Jul 2019 — On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. En BIG-IP versiones 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, y 11.5.1-11.6.4 y BIG-IQ versiones 6.0. 0-6.1.0 y 5.1.0-5.4.0, un iControl REST worker no revelado es vulnerable a la inyección de comandos para un usuario Administrador. • https://support.f5.com/csp/article/K20445457 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 69EXPL: 0CVE-2019-6642
https://notcve.org/view.php?id=CVE-2019-6642
01 Jul 2019 — In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. En BIG-IP versiones 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.... • https://support.f5.com/csp/article/K40378764 •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2019-13135 – ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
https://notcve.org/view.php?id=CVE-2019-13135
01 Jul 2019 — ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de "use of uninitialized value" en la función ReadCUTImage in coders/cut.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5236
https://notcve.org/view.php?id=CVE-2016-5236
01 Jul 2019 — Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. Las vulnerabilidades de Cross-Site-Scripting (XSS) en F5 WebSafe Dashboard versión 3.9.5 y versiones anteriores, también conocida como F5 WebSafe Alert Server, permiten a los usuarios autenticados privilegiados inyectar scripts web o HTML arbitrarios al crear un nuevo usua... • https://support.f5.com/csp/article/K55922302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5235
https://notcve.org/view.php?id=CVE-2016-5235
01 Jul 2019 — A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. Una vulnerabilidad Cross-Site Scripting (XSS) en las versiones de F5 WebSafe Dashboard 3.9.x y anteriores, también conocido como F5 WebSafe Alert Server, permite a un usuario no autenticado inyectar HTML mediante una alerta manipulada. • https://support.f5.com/csp/article/K48572812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13067
https://notcve.org/view.php?id=CVE-2019-13067
29 Jun 2019 — njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. njs hasta versión 0.3.3, usado en NGINX, presenta una lectura excesiva del búfer en la función nxt_utf8_decode en el archivo nxt/nxt_utf8.c. Este problema ocurre después de que la corrección para el CVE-2019-12207 está en su lugar. • https://github.com/nginx/njs/issues/183 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13050 – GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
https://notcve.org/view.php?id=CVE-2019-13050
29 Jun 2019 — Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •