F5Iworkflow

17 matches found

added 2019/07/25 11:43 p.m., 915 views

CVE-2019-10744

CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a CVSS 3.1 base score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...

9.1 CVSS, 8.9 AI score, 0.05006 EPSS

added 2019/06/18 11:34 p.m., 654 views

CVE-2019-11479

The CVE-2019-11479 family (SACK/MSS issues on the Linux kernel) stems from a hard-coded MSS of 48 bytes, enabling remote DoS via fragmented TCP handling. Public docs list CVE-2019-11477 (SACK Panic), CVE-2019-11478 (SACK Slowness/Excess Resource Usage), and CVE-2019-11479 (Low MSS) with kernel-wi...

7.5 CVSS, 7.3 AI score, 0.9166 EPSS

added 2019/10/09 2:17 p.m., 522 views

CVE-2018-5743

CVE-2018-5743 affects BIND in multiple releases (notably 9.9.0–9.14.0, including some 9.11/9.13 branches). The flaw allows the named process to exceed its configured limit on simultaneous TCP connections, risking exhaustion of file descriptors and potentially affecting associated log/zone file ma...

7.5 CVSS, 7.7 AI score, 0.06404 EPSS

added 2018/09/25 9:0 p.m., 462 views

CVE-2018-14634

CVE-2018-14634 is a Linux kernel integer overflow vulnerability in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could escalate privileges. Documented vulnerable kernel families include 2.6.x, 3.10.x, and 4.14.x. Mitigations/recognitions ex...

7.8 CVSS, 7.3 AI score, 0.14806 EPSS
In wild

added 2019/10/09 2:17 p.m., 398 views

CVE-2019-6471

CVE-2019-6471 is a race-condition vulnerability in ISC BIND where discarding malformed packets can trigger a REQUIRE assertion failure in dispatch.c, causing named to exit and produce a DoS. Affected versions include BIND 9.11.0–9.11.7, 9.12.0–9.12.4-P1, 9.14.0–9.14.2, all 9.13 development releas...

5.9 CVSS, 5.8 AI score, 0.03271 EPSS

added 2019/10/03 3:27 p.m., 294 views

CVE-2018-14468

tcpdump before 4.9.3 contains a buffer over-read in the FRF.16 parser (print-fr.c:mfr_print()). Upgrading to tcpdump 4.9.3 (or later) is the remediation mentioned in the accompanying advisories for affected platforms.

7.5 CVSS, 8.6 AI score, 0.03985 EPSS

added 2019/10/03 3:35 p.m., 278 views

CVE-2018-14880

tcpdump has a confirmed vulnerability CVE-2018-14880 in the OSPFv3 parser: a buffer over-read in ospf6_print_lshdr() inside print-ospf6.c, affecting tcpdump before version 4.9.3. Connected advisories (e.g., AlmaLinux ALSA-2020:4760, Debian DSA-4547-1, DLA-1955-1) reference this CVE and span multi...

7.5 CVSS, 8.6 AI score, 0.05342 EPSS

added 2019/07/01 8:21 p.m., 153 views

CVE-2019-6642

CVE-2019-6642 affects F5 BIG-IP family (and related: BIG-IQ, iWorkflow, Enterprise Manager) with authenticated users able to upload files (e.g., via scp) and abuse the TMOS Shell (tmsh) to escalate to a root shell. The flaw arises from tmsh allowing execution of a secondary program via tools like...

9 CVSS, 8.8 AI score, 0.01821 EPSS

added 2020/01/08 12:29 a.m., 144 views

CVE-2014-5209

The CVE-2014-5209 issue affects NTP 4.2.7p25 private (mode 6/7) messages via GET_RESTRICT, enabling information disclosure of sensitive data. Impact is limited to partial confidentiality; no exploit details are provided in the sources. No patched version is listed in the initial docs; a practical...

5.3 CVSS, 5.2 AI score, 0.02471 EPSS

added 2019/11/15 8:40 p.m., 91 views

CVE-2019-6663

The CVE-2019-6663 entry covers BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow configuration utility exposure to an Anti DNS Pinning (DNS Rebinding) attack. The root cause is insufficient verification of the Host field in HTTP requests, allowing an attacker controlling DNS to bind a maliciou...

5.5 CVSS, 5.4 AI score, 0.00649 EPSS

added 2019/11/27 9:57 p.m., 70 views

CVE-2019-6665

CVE-2019-6665 affects BIG-IP ASM (15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1), BIG-IQ 5.2.0–5.4.0 and 6.x, Enterprise Manager 3.1.1, and F5 iWorkflow 2.3.0. An attacker able to access the device communications between the BIG-IP ASM Central Policy Builder and BIG-IQ/Enterprise M...

9.4 CVSS, 9.1 AI score, 0.0113 EPSS

added 2018/10/31 2:0 p.m., 69 views

CVE-2018-15322

CVE-2018-15322 affects the BIG-IP family with tmsh access, where repeatedly saving edits via the tmsh edit cli preference command can exhaust /var partition storage, causing DoS. Affected: BIG-IP (versions 14.0.0–14.0.0.2, 13.0.0–13.1.0.7, 12.1.0–12.1.3.5, 11.6.0–11.6.3.2, 11.2.1–11.5.6); BIG-IQ C...

6.5 CVSS, 6.5 AI score, 0.01134 EPSS

added 2020/02/06 3:40 p.m., 68 views

CVE-2020-5854

The CVE-2020-5854 issue affects BIG-IP TMM when using the connector profile, causing a core on specific connection sequences and temporary traffic processing failure post-restart, with device group failover risk. According to the F5 K50046200 advisory, vulnerable versions are BIG-IP TMM 11.6.0–11...

5.9 CVSS, 5.7 AI score, 0.00808 EPSS

added 2019/09/25 5:39 p.m., 67 views

CVE-2019-6651

CVE-2019-6651 affects F5 BIG-IP family and related products (BIG-IQ, iWorkflow, Enterprise Manager) via the REST framework in the Configuration utility login page. The vulnerability arises from processing a modified request, leading to inconsistent HTTP responses that could aid an attacker. Affec...

5.3 CVSS, 5.3 AI score, 0.01102 EPSS

added 2018/10/31 2:0 p.m., 66 views

CVE-2018-15321

CVE-2018-15321 affects BIG-IP products when Appliance mode is licensed and Admin/Resource Administrator roles have or are granted TMSH access. The issue allows high-privilege attackers to bypass Appliance mode restrictions and overwrite critical system files via TMSH, bypassing security controls....

5.5 CVSS, 5.1 AI score, 0.00896 EPSS

added 2019/12/23 6:3 p.m., 64 views

CVE-2019-19151

CVE-2019-19151 affects F5 BIG-IP family (TMOS) and related tools: authenticated TMOS Shell users can access file-system objects disallowed by tmsh. Affected: BIG-IP releases 11.5.2–11.6.5.1, 12.1.0–12.1.5, 13.1.0–13.1.3.2, 14.0.0–14.1.2.3, 15.0.0–15.1.0; BIG-IQ 5.x–7.x; iWorkflow 2.3.0; Enterpris...

5.5 CVSS, 5.3 AI score, 0.003 EPSS

added 2018/12/12 2:0 p.m., 54 views

CVE-2018-15328

CVE-2018-15328 affects BIG-IP family, BIG-IQ, iWorkflow, and Enterprise Manager where SNMPv3 passphrases and trap destinations are not encrypted by the Secure Vault and are written in clear text to configuration files. Affected: BIG-IP components across 14.x (fix: 14.1.0), 13.x (13.0.0–13.1.1; “w...

7.5 CVSS, 7.6 AI score, 0.02306 EPSS