CVE-2018-14468
- EPSS 3.99%
- Veröffentlicht 03.10.2019 16:15:11
- Zuletzt bearbeitet 03.12.2025 21:15:49
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVE-2019-6651
- EPSS 1.1%
- Veröffentlicht 25.09.2019 18:15:13
- Zuletzt bearbeitet 21.11.2024 04:46:53
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best securi...
CVE-2019-6652
- EPSS 0.59%
- Veröffentlicht 25.09.2019 18:15:13
- Zuletzt bearbeitet 21.11.2024 04:46:53
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).
CVE-2019-6653
- EPSS 0.63%
- Veröffentlicht 25.09.2019 18:15:13
- Zuletzt bearbeitet 21.11.2024 04:46:53
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.
CVE-2019-10744
- EPSS 5.01%
- Veröffentlicht 26.07.2019 00:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:50
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-6621
- EPSS 1.97%
- Veröffentlicht 02.07.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:46:49
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admi...
CVE-2019-6620
- EPSS 1.84%
- Veröffentlicht 02.07.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:46:49
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user.
- EPSS 1.82%
- Veröffentlicht 01.07.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:46:52
In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can...
CVE-2019-11479
- EPSS 91.66%
- Veröffentlicht 19.06.2019 00:15:12
- Zuletzt bearbeitet 21.11.2024 04:21:09
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-1559
- EPSS 17.14%
- Veröffentlicht 27.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...