CVSS: 6.8EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6604
https://notcve.org/view.php?id=CVE-2019-6604
28 Mar 2019 — On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge. En BIG-IP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1 y 14.0.0-14.0.0.2, en determinadas circunstancias, los sistemas de hardware con un puente de velocidad alta que utilizan configuraciones de reenvío de la ca... • https://support.f5.com/csp/article/K26455071 •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2019-6605
https://notcve.org/view.php?id=CVE-2019-6605
28 Mar 2019 — On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. En BIG-IP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3 y 12.0.x, una secuencia no revelada de paquetes recibidos desde un servidor SSL virtual que son procesados por un SSL cliente asociado o perfil SSL del servidor podría conducir a una denegación de servicio (DoS). • http://www.securityfocus.com/bid/107629 •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6603
https://notcve.org/view.php?id=CVE-2019-6603
28 Mar 2019 — In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. En BP, en versiones 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3 y 13.0.0-13.0.1, los paquetes TCP mal formados enviados a una dirección IP propia o a un servidor virtual FastL4 podrían provocar una interrupción en... • http://www.securityfocus.com/bid/107625 •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-6602
https://notcve.org/view.php?id=CVE-2019-6602
28 Mar 2019 — In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. En BIG-IP, en sus versiones 11.5.1-11.5.8 y 11.6.1-11.6.3, la página de inicio de sesión "Configuration Utility" podría no cumplir con las mejores prácticas al gestionar una petición manipulada. • http://www.securityfocus.com/bid/107626 • CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 0CVE-2019-6598
https://notcve.org/view.php?id=CVE-2019-6598
13 Mar 2019 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack. En BIG-IP, 14.0.0-14.0.0.2, 13.0.0-13.1.... • https://support.f5.com/csp/article/K44603900 •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6600
https://notcve.org/view.php?id=CVE-2019-6600
13 Mar 2019 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, o 11.5.1-11.5.8, cuando la autenticación remota está habilitada para usu... • http://www.securityfocus.com/bid/107470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 53EXPL: 0CVE-2019-6597
https://notcve.org/view.php?id=CVE-2019-6597
13 Mar 2019 — In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En BIG-IP, 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, o 11.5.1-11.5.8 o Enterprise Manager 3.1.1, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Ma... • https://support.f5.com/csp/article/K29280193 •
CVSS: 5.9EPSS: 0%CPEs: 91EXPL: 0CVE-2019-6594
https://notcve.org/view.php?id=CVE-2019-6594
26 Feb 2019 — On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances. BIG-IP, en sus versiones 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1 y 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP), no protege contra manera correcta contra múltiples DATA_FIN de longitud cero en la cola de reensamblado, lo que podría conducir a un bucle... • https://support.f5.com/csp/article/K91026261 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.9EPSS: 0%CPEs: 39EXPL: 0CVE-2019-6593
https://notcve.org/view.php?id=CVE-2019-6593
26 Feb 2019 — On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.) En BIG-IP 11.5.1-11.5.4, 11.6.1 y 12.1.0, un servidor virtual que está configurad... • https://support.f5.com/csp/article/K10065173 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-15333
https://notcve.org/view.php?id=CVE-2018-15333
28 Dec 2018 — On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. En versiones 11.2.1. y posteriores, el acceso a los archivos de instantánea sin restricciones permite que un usuario del sistema BIG-IP con cualquier rol, incluyendo Guest, tenga acceso y descargue archivos de captura previamente generad... • http://www.securityfocus.com/bid/106380 • CWE-434: Unrestricted Upload of File with Dangerous Type •