VARIoT IoT vulnerabilities database
| VAR-201912-1052 | CVE-2019-19967 | Connect Box EuroDOCSIS Vulnerability in the transmission of important information in clear text on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. Connect Box EuroDOCSIS The device contains a vulnerability in transmitting sensitive information in the clear.Information may be obtained. The vulnerability stems from the fact that the password in the POST request received by the program on port 80 is in plain text
| VAR-201912-1044 | CVE-2019-19956 | Red Hat Security Advisory 2021-2021-01 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Summary:
Openshift Serverless 1.10.2 is now available. Solution:
See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.5/html/serverless_applications/index
4. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time
5. Red Hat
OpenShift Container Storage is a highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provisions a multicloud data management service
with an S3 compatible API. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume
1813506 - Dockerfile not compatible with docker and buildah
1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup
1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement
1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance
1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node.
1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default
1842254 - [NooBaa] Compression stats do not add up when compression id disabled
1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster
1849771 - [RFE] Account created by OBC should have same permissions as bucket owner
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot
1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume
1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount
1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)
1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14)
1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage
1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards
1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found
1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining
1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script
1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases.
1865938 - CSIDrivers missing in OCS 4.6
1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found)
1868703 - [rbd] After volume expansion, the new size is not reflected on the pod
1869411 - capture full crash information from ceph
1870061 - [RHEL][IBM] OCS un-install should make the devices raw
1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret)
1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform
1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster
1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store
1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError
1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function
1875476 - Change noobaa logo in the noobaa UI
1877339 - Incorrect use of logr
1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect
1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory
1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket
1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW
1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret
1879072 - Deployment with encryption at rest is failing to bring up OSD pods
1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1880255 - Collect rbd info and subvolume info and snapshot info command output
1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS
1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1882397 - MCG decompression problem with snappy on s390x arch
1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption
1883398 - Update csi sidecar containers in rook
1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash
1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6
1883927 - Deployment with encryption at rest is failing to bring up OSD pods
1885175 - Handle disappeared underlying device for encrypted OSD
1885428 - panic seen in rook-ceph during uninstall - "close of closed channel"
1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall
1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW
1886308 - Default VolumeSnapshot Classes not created in External Mode
1886348 - osd removal job failed with status "Error"
1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB)
1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6
1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall
1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user]
1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state
1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script
1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash
1889441 - Traceback error message while running OCS 4.6 must-gather
1889683 - [GSS] Noobaa Problem when setting public access to a bucket
1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster
1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter"
1890638 - must-gather helper pod should be deleted after collecting ceph crash info
1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port
1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint
1892206 - [GSS] Ceph image/version mismatch
1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test
1893624 - Must Gather is not collecting the tar file from NooBaa diagnose
1893691 - OCS4.6 must_gather failes to complete in 600sec
1893714 - Bad response for upload an object with encryption
1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6
1896298 - [RFE] Monitoring for Namespace buckets and resources
1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs
1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC
1902627 - must-gather should wait for debug pods to be in ready state
1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6
5. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower
Upgrade and Migration Guide:
https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/
index.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
5.
The compliance-operator image updates are now available for OpenShift
Container Platform 4.6.
This advisory provides the following updates among others:
* Enhances profile parsing time.
* Fixes excessive resource consumption from the Operator.
* Fixes default content image.
* Fixes outdated remediation handling. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel
ease-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918990 - ComplianceSuite scans use quay content image for initContainer
1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present
1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console.
Bug Fix(es):
* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
* The compliancesuite object returns error with ocp4-cis tailored profile
(BZ#1902251)
* The compliancesuite does not trigger when there are multiple rhcos4
profiles added in scansettingbinding object (BZ#1902634)
* [OCP v46] Not all remediations get applied through machineConfig although
the status of all rules shows Applied in ComplianceRemediations object
(BZ#1907414)
* The profile parser pod deployment and associated profiles should get
removed after upgrade the compliance operator (BZ#1908991)
* Applying the "rhcos4-moderate" compliance profile leads to Ignition error
"something else exists at that path" (BZ#1909081)
* [OCP v46] Always update the default profilebundles on Compliance operator
startup (BZ#1909122)
3. Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
5. Description:
Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create,
build, and deploy applications on OpenShift. The odo tool is completely
client-based and requires no server within the OpenShift cluster for
deployment. It detects changes to local code and deploys it to the cluster
automatically, giving instant feedback to validate changes in real-time. It
supports multiple programming languages and frameworks. Bugs fixed (https://bugzilla.redhat.com/):
1832983 - Release of 1.1.3 odo-init-image
5. This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages
that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack
Apache Server 2.4.37 Service Pack 2 and includes bug fixes and
enhancements. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link for the
update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare
1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade
1723723 - CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
1752592 - CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
1788856 - CVE-2019-19956 libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash
1799734 - CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
1799786 - CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
1820772 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value
1844929 - CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS
5. JIRA issues fixed (https://issues.jboss.org/):
JBCS-941 - Upgrade mod_cluster native to 1.3.13
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libxml2 security update
Advisory ID: RHSA-2020:4479-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4479
Issue date: 2020-11-03
CVE Names: CVE-2019-19956 CVE-2019-20388 CVE-2020-7595
====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update
to take effect.
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64:
libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm
libxml2-debugsource-2.9.7-8.el8.aarch64.rpm
libxml2-devel-2.9.7-8.el8.aarch64.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm
ppc64le:
libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm
libxml2-debugsource-2.9.7-8.el8.ppc64le.rpm
libxml2-devel-2.9.7-8.el8.ppc64le.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.7-8.el8.s390x.rpm
libxml2-debugsource-2.9.7-8.el8.s390x.rpm
libxml2-devel-2.9.7-8.el8.s390x.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.7-8.el8.i686.rpm
libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm
libxml2-debugsource-2.9.7-8.el8.i686.rpm
libxml2-debugsource-2.9.7-8.el8.x86_64.rpm
libxml2-devel-2.9.7-8.el8.i686.rpm
libxml2-devel-2.9.7-8.el8.x86_64.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.i686.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
libxml2-2.9.7-8.el8.src.rpm
aarch64:
libxml2-2.9.7-8.el8.aarch64.rpm
libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm
libxml2-debugsource-2.9.7-8.el8.aarch64.rpm
python3-libxml2-2.9.7-8.el8.aarch64.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm
ppc64le:
libxml2-2.9.7-8.el8.ppc64le.rpm
libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm
libxml2-debugsource-2.9.7-8.el8.ppc64le.rpm
python3-libxml2-2.9.7-8.el8.ppc64le.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm
s390x:
libxml2-2.9.7-8.el8.s390x.rpm
libxml2-debuginfo-2.9.7-8.el8.s390x.rpm
libxml2-debugsource-2.9.7-8.el8.s390x.rpm
python3-libxml2-2.9.7-8.el8.s390x.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.s390x.rpm
x86_64:
libxml2-2.9.7-8.el8.i686.rpm
libxml2-2.9.7-8.el8.x86_64.rpm
libxml2-debuginfo-2.9.7-8.el8.i686.rpm
libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm
libxml2-debugsource-2.9.7-8.el8.i686.rpm
libxml2-debugsource-2.9.7-8.el8.x86_64.rpm
python3-libxml2-2.9.7-8.el8.x86_64.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.i686.rpm
python3-libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX6I21tzjgjWX9erEAQjPWQ/9HUwbjkw/cY8D3Rd6eR/cQbQjwrpJdOHJ
YIZQ3ZgphMhXXNMZmPfFTI2cwLkirN7uH73KtT3+LOsepnzhyhRghQgRUaLYFXgl
OMUCjzevES36P3bY9N2rk6xvfU4pnpeWb94t6sEiJuWdCDIs52UY41ODOnGVJorw
mxYe8rtP3FAAicPOG/OEWFiTZxH3inn2TbWixRHH1eG7ySvjbQfbfjA4e5zoY84K
EizU1IVu9rJfgnwfknKDote31LjHzvbw5SsCyAHlMz6f4Z7UhHefOlVAyB6XHFjF
rN5ADjtF1B5wjxtYSGmnfNxsrdtDyOC5T31EA2EC5qyQ6XBL9GUix8BPmK0fPXxI
BXXNYmwSXsIaeAwq6d5LbSBNI5ntU6tDyZ7lvDNkEgI4sRxIBZ84IVeDbLcgOwJv
OA/M0eg2o7uKiNF0DV4ZVHCVHeH5LoaBhrq/0B21FkM9JxRX8vEwhavkR9oVW331
yFlmYiZpOQkD6P0omCtwED4jmCg9hdRCfXCbUbYpmpWoK9Plp3hY/v2RfUEMROYV
R+o8hCb1wbiyIPLVvsuVppM/rUUfuQ6sd9FwwsbjgdeCrx+++wCX/NwlzIPwtT4F
Gnj1SaXE0/5Ilyb3Tqq1QYcLe7YfVk/0Iip9V+t4HPyWRVOFFYexqjXZCNt2L8JS
NiiH7H8gSOo\xba8C
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-202001-1854 | CVE-2019-17146 | D-Link DCS-960L Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458. D-Link DCS-960L Contains an input validation vulnerability. Zero Day Initiative Does not address this vulnerability ZDI-CAN-8458 Was numbered.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DCS-960L is a webcam product from Taiwan D-Link.
The HNAP service in D-Link DCS-960L has a security vulnerability
| VAR-201912-1531 | CVE-2019-19151 | plural F5 Networks Vulnerability related to privilege management in products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed. plural F5 Networks The product contains a privilege management vulnerability.Information may be obtained. F5 BIG-IP and so on are all products of F5 Company in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. F5 BIG-IQ is a software-based cloud management solution. Security flaws exist in several F5 products
| VAR-201912-0096 | CVE-2019-6679 | BIG-IP Link interpretation vulnerability |
CVSS V2: 3.6 CVSS V3: 3.3 Severity: LOW |
On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. BIG-IP Contains a link interpretation vulnerability.Information may be tampered with. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0.2 to 14.1.2.2, 14.0.0.5 to 14.0.1, 13.1.1.5 to 13.1.3.1 , 12.1.4.1 to 12.1.5, 11.6.4 to 11.6.5, 11.5.9 to 11.5.10
| VAR-201912-0097 | CVE-2019-6680 | BIG-IP Input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause the hardware device to stop responding. The following products and versions are affected: F5 BIG-IP from version 15.0.0 to version 15.0.1, version 14.1.0 to version 14.1.2, version 14.0.0 to version 14.0.1, version 13.1.0 to version 13.1.3.2 , 12.1.0 to 12.1.5, 11.5.2 to 11.6.5
| VAR-201912-0100 | CVE-2019-6683 | BIG-IP Vulnerable to resource exhaustion |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. BIG-IP Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Security vulnerabilities exist in F5 BIG-IP versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.2, and 14.0.0 through 14.0.1. An attacker can exploit this vulnerability to cause the TMM to restart, making it unable to process traffic
| VAR-201912-0101 | CVE-2019-6684 | BIG-IP Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1.1, 14.0.0 to 14.1.2.2, 13.1.0 to 13.1.3.1, 12.1.0 to 12.1.5 , version 11.5.2 to version 11.6.5.1
| VAR-201912-0102 | CVE-2019-6685 | BIG-IP Vulnerability in Permission Management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. BIG-IP Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
| VAR-201912-0105 | CVE-2019-6688 | BIG-IP and BIG-IQ Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP or BIG-IQ system, however the user can not access to the UCS files. BIG-IP and BIG-IQ Contains an information disclosure vulnerability.Information may be obtained. Both F5 BIG-IP and F5 BIG-IQ Centralized Management are products of F5 Corporation in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ Centralized Management is a software-based cloud management solution. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. A security vulnerability exists in F5 BIG-IP and BIG-IQ Centralized Management. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3 , 12.1.0 to 12.1.5, 11.5.2 to 11.6.5; BIG-IQ Centralized Management 6.0.0 to 6.1.0, 5.2.0 to 5.4.0
| VAR-201912-0093 | CVE-2019-6676 | BIG-IP Virtual Edition Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger. BIG-IP Virtual Edition (VE) Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Security vulnerabilities exist in F5 BIG-IP versions 15.0.0 to 15.0.1, 14.0.0 to 14.1.2.2, and 13.1.0 to 13.1.3.1. Attackers can exploit this vulnerability to cause TMM to restart
| VAR-201912-0094 | CVE-2019-6677 | plural BIG-IP Vulnerability related to input validation in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. plural BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause the TMM to stop processing traffic. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1 , version 12.1.0 to version 12.1.5
| VAR-201912-0095 | CVE-2019-6678 | plural BIG-IP Vulnerability related to input validation in products |
CVSS V2: 4.3 CVSS V3: 5.3 Severity: MEDIUM |
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled. plural BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. Attackers can exploit this vulnerability to cause TMM to restart, making it unable to process traffic temporarily. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3
| VAR-201912-0092 | CVE-2019-6147 | Forcepoint NGFW Security Management Center Vulnerable to incorrect type conversion |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable. Forcepoint NGFW Security Management Center (SMC) Contains an invalid type conversion vulnerability.Information may be altered
| VAR-201912-1556 | CVE-2019-19150 | BIG-IP APM Vulnerable to information disclosure from log files |
CVSS V2: 3.5 CVSS V3: 4.9 Severity: MEDIUM |
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. BIG-IP APM Contains a vulnerability related to information disclosure from log files.Information may be obtained. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.2, and 14.0.0 through 14.0.1 due to the fact that authenticated administrators could access The client-session-id stored in the log file. An attacker could exploit this vulnerability to access client-session-id
| VAR-201912-0836 | CVE-2019-7489 | SonicWall Email Security Appliance vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. SonicWall Email Security The appliance contains an unspecified vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system
| VAR-201912-0835 | CVE-2019-7488 | SonicWall Email Security Appliance vulnerable to password requests |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier
| VAR-201912-0475 | CVE-2019-8463 | Check Point Endpoint Security Client Link interpretation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations
| VAR-201912-0142 | CVE-2019-3431 | ZTE ZXCLOUD GoldenData VAP Vulnerability related to information leakage from cache in products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access. ZTE ZXCLOUD GoldenData VAP The product contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXCLOUD GoldenData VAP is a set of big data solutions of China ZTE Corporation (ZTE). An attacker could exploit this vulnerability to obtain sensitive information by sniffing the network
| VAR-201912-0141 | CVE-2019-3430 | ZTE ZXCLOUD GoldenData VAP Information disclosure vulnerability in products |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system. ZTE ZXCLOUD GoldenData VAP is a set of big data solutions of China ZTE Corporation (ZTE). This vulnerability stems from configuration errors in network systems or products during operation