Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2019
CVE-2019-15923
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-04
CVE-2019-15924
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-09-04
CVE-2019-15917
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
CVSS Score
7.0
EPSS Score
0.001
Published
2019-09-04
CVE-2019-6643
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-09-04
CVE-2019-6646
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-09-04
CVE-2019-6644
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
CVSS Score
9.4
EPSS Score
0.008
Published
2019-09-04
CVE-2019-6647
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.
CVSS Score
5.3
EPSS Score
0.005
Published
2019-09-04
CVE-2019-6648
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
CVSS Score
4.4
EPSS Score
0.001
Published
2019-09-04
CVE-2019-13975
eGain Chat 15.0.3 allows HTML Injection.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-04
CVE-2019-13976
eGain Chat 15.0.3 allows unrestricted file upload.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-09-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved