Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-6671
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6672
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6673
On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM).
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-11-27
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS Score
9.8
EPSS Score
0.942
Published
2019-11-27
CVE-2011-2717
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-11-27
CVE-2019-15705
An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-27
CVE-2019-6674
On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-19366
A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-27
CVE-2019-19367
A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved