CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11838
https://notcve.org/view.php?id=CVE-2019-11838
09 May 2019 — njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. njs hasta la versión 0.3.1, usado en NGINX, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en Array.prototype.splice después de un cambio de tamaño, relacionado con njs_array_prototype_splice en njs/njs_array.c, debido al mal manejo del tamaño de njs_array_expand. • https://github.com/nginx/njs/issues/153 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11837
https://notcve.org/view.php?id=CVE-2019-11837
09 May 2019 — njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. njs hasta la versión 0.3.1, usado en NGINX, tiene un fallo de segmentación en String.prototype.toBytes para argumentos negativos, relacionado con nxt_utf8_next en nxt/nxt_utf8.h y njs_string_offset en njs/njs_string.c. • https://github.com/nginx/njs/issues/155 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5021
https://notcve.org/view.php?id=CVE-2019-5021
08 May 2019 — Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. Algunas versiones de las imágenes de Officia... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html • CWE-258: Empty Password in Configuration File •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2018-20836 – kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
https://notcve.org/view.php?id=CVE-2018-20836
07 May 2019 — An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria. A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-6619
https://notcve.org/view.php?id=CVE-2019-6619
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. En BIG-IP versiones desde 14.0.0.0 hasta la 14.1.0.1.1.4, desde la 13.0.0 hasta la 13.1.1.1.4, y desde la 12.1.0 hasta la 12.1.4, el Traffic Management Microkernel (TMM) puede reiniciarse cuando un servidor virtual tiene un perfi... • http://www.securityfocus.com/bid/108190 •
CVSS: 4.9EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6618
https://notcve.org/view.php?id=CVE-2019-6618
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions. En BIG-IP versiones desde la 14.0.0.0 hasta la 14.1.0.1, desde la 13.0.0 hasta la 13.1.1.1.4, desde la 12.1.0 hasta la 12.1.4, desd... • https://support.f5.com/csp/article/K07702240 •
CVSS: 6.5EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6617
https://notcve.org/view.php?id=CVE-2019-6617
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, un usuario con el rol de " Resource Administrator" ... • http://www.securityfocus.com/bid/108186 • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6616
https://notcve.org/view.php?id=CVE-2019-6616
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, usuarios administrativos con acceso TMSH pueden sobrescribir archivos críticos del sistema BIG-IP, esto puede resultar en omisión de las restriccio... • http://www.securityfocus.com/bid/108298 •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2019-6614
https://notcve.org/view.php?id=CVE-2019-6614
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, y 12.1.0-12.1.4, métodos internos empleados para evitar la sobrescritura arbitraria en el "Appliance Mode" no fueron completamente efectivos. Un at... • http://www.securityfocus.com/bid/108297 •
CVSS: 4.9EPSS: 0%CPEs: 65EXPL: 0CVE-2019-6615
https://notcve.org/view.php?id=CVE-2019-6615
03 May 2019 — On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. En BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, y 11.5.2-11.5.8, los roles de Administrador y "Resource Administrator" podrían explotar el acceso TMSH saltandose las restricciones del "Appliance Mode" en sistemas BIG-IP. • http://www.securityfocus.com/bid/108189 •