Lucene search
K

9185 matches found

Ubuntu
Ubuntu
added 2023/02/23 4:9 p.m.74 views

USN-5884-1: Linux kernel (AWS) vulnerabilities

Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. CVE-2021-4155 Lee Jones discovered that a use-after-free vulnerabilit...

7.8CVSS6.9AI score0.02399EPSS
Exploits3
Cvelist
Cvelist
added 2023/02/23 12:0 a.m.24 views

CVE-2023-20012 Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender FEX when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementati...

5.3CVSS6AI score0.00295EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.39 views

Rocky Linux 8 : kernel-rt (RLSA-2023:0854)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0854 advisory. - mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. CVE-2022-41222 ...

7.5CVSS7AI score0.21314EPSS
Exploits1References7
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.58 views

K30714460: OpenSSL vulnerability CVE-2015-3193

Security Advisory Description The Montgomery squaring implementation in crypto/bn/asm/x8664-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x8664 platform, as used by the BNmodexp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to...

7.5CVSS7.3AI score0.25137EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.30 views

K11274054: GNU C Library vulnerability CVE-2018-6551

Security Advisory Description The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller...

9.8CVSS9.2AI score0.02231EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.23 views

K41192923: Intel CPU vulnerability CVE-2018-3616

Security Advisory Description Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. CVE-2018-3616 Impact There is no impact; F5 products...

5.9CVSS6.3AI score0.02388EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.39 views

K17248: OpenSSL vulnerability CVE-2010-0742

Security Advisory Description The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or...

7.5CVSS8.3AI score0.07834EPSS
Exploits2Affected Software9
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.36 views

K13598: OpenSSL vulnerability CVE-2012-0884

Security Advisory Description The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data using a Million Message Attack M...

8.4AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.71 views

K18657134: Linux kernel vulnerability CVE-2018-16871

Security Advisory Description A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic t...

7.5CVSS7.2AI score0.02779EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.52 views

K08413011: Linux kernel vulnerability CVE-2019-7221

Security Advisory Description The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. CVE-2019-7221 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases...

7.8CVSS7.2AI score0.00805EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.36 views

K62695363: OpenSSL vulnerability CVE-2018-0733

Security Advisory Description Because of an implementation bug the PA-RISC CRYPTOmemcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than th...

5.9CVSS6.3AI score0.08606EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.33 views

K13255123: glibc vulnerability CVE-2017-18269

Security Advisory Description An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of t...

9.8CVSS7.7AI score0.04831EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.71 views

K59313410: OpenSSL vulnerability CVE-2022-2274

Security Advisory Description The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during...

10CVSS8.3AI score0.44881EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.82 views

K16470: Linux kernel vulnerability CVE-2002-0510

Security Advisory Description The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. CVE-2002-0510 Impact There is no impact; F5 products are not...

5CVSS8.9AI score0.02483EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:50 p.m.30 views

K15388: OpenSSL vulnerability CVE-2011-4108

Security Advisory Description The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4108 Impact BIG-IP hosts may be...

4.3CVSS7.7AI score0.15757EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.44 views

K93000310: Apache Tomcat vulnerability CVE-2019-0199

Security Advisory Description The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...

7.5CVSS6.5AI score0.72855EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.73 views

K17313: PHP vulnerability CVE-2014-4721

Security Advisory Description The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain...

2.6CVSS8.8AI score0.05868EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
added 2023/02/21 6:45 p.m.33 views

K15565: OpenSSL vulnerability CVE-2014-3512

Security Advisory Description Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an invalid SRP 1 g, 2 A, or 3 B parameter...

7.5CVSS7.9AI score0.7408EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.13 views

K11455641: NGINX LDAP Reference Implementation security exposure

Security Advisory Description NGINX LDAP reference implementation configuration can be modified by sending crafted HTTP requests. Note : nginx-ldap-auth is not an NGINX Product. It is published as a reference implementation of LDAP and describes the mechanics of how the integration works and all ...

6.9AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:27 p.m.34 views

K8331: OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.4CVSS6.4AI score0.02312EPSS
Exploits0
Rows per page
Query Builder