Shodan
Vulnerabilities
Vulnerable Software
F5:  >> Big-Ip Global Traffic Manager  >> 14.1.2.1.0.14.4  Security Vulnerabilities
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVSS Score
9.1
EPSS Score
0.034
Published
2019-07-26
CVE-2019-12295
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-05-23
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-02-20
CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVSS Score
7.5
EPSS Score
0.017
Published
2018-09-06
CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-07-06
CVE-2012-1493
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
CVSS Score
7.8
EPSS Score
0.844
Published
2012-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved