Lucene search
+L

184 matches found

f5
f5
added 2023/02/21 6:35 p.m.62 views

K11165942: Linux kernel vulnerability CVE-2018-18710

Security Advisory Description An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...

5.5CVSS6.2AI score0.00501EPSS
Exploits0
f5
f5
added 2023/02/21 6:35 p.m.39 views

K46401178: BIG-IP Configuration utility vulnerability CVE-2019-6599

Security Advisory Description Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may result in an improper handling on the JSON response when it is injected by a malicious script through a remote cross-site scripting XSS attack. CVE-2019-6599 Impact BIG-IP and...

6.1CVSS6.2AI score0.0081EPSS
Exploits0
f5
f5
added 2023/02/21 6:35 p.m.51 views

K01713115: BIND vulnerability CVE-2019-6465

Security Advisory Description Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview...

5.3CVSS6.5AI score0.037EPSS
Exploits0
f5
f5
added 2023/02/21 6:34 p.m.49 views

K74009656: BIND vulnerability CVE-2018-5743

Security Advisory Description By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was...

7.5CVSS8AI score0.06404EPSS
Exploits0
f5
f5
added 2023/02/21 6:34 p.m.35 views

K55101404: TMM vulnerability CVE-2019-6590

Security Advisory Description Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result as a denial-of-service DOS attack on the affected BIG-IP system when the system consumes...

7.1CVSS6AI score0.01473EPSS
Exploits0
f5
f5
added 2023/02/21 6:33 p.m.167 views

K30444545: libxslt vulnerability CVE-2019-11068

Security Advisory Description libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

9.8CVSS7.6AI score0.05089EPSS
Exploits0Affected Software14
f5
f5
added 2023/02/21 6:30 p.m.38 views

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...

4.3CVSS5.3AI score0.10913EPSS
Exploits1
f5
f5
added 2023/02/21 6:26 p.m.73 views

K73705133: Bash vulnerability CVE-2016-7543

Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...

8.4CVSS7.3AI score0.00576EPSS
Exploits0Affected Software23
f5
f5
added 2023/02/21 6:10 p.m.35 views

K16318: OpenSSL vulnerability CVE-2015-0287

Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...

5CVSS6.8AI score0.0837EPSS
Exploits0Affected Software1
f5
f5
added 2023/02/21 6:7 p.m.58 views

K27673650: Linux kernel vulnerability CVE-2018-17972

Security Advisory Description An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel...

5.5CVSS6.6AI score0.0035EPSS
Exploits0
f5
f5
added 2023/02/21 6:7 p.m.83 views

K35040315: glibc vulnerability CVE-2016-10739

Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a...

5.3CVSS6.3AI score0.00479EPSS
Exploits0
f5
f5
added 2023/02/08 7:2 p.m.37 views

K000132457: ImageMagick vulnerability CVE-2022-44268

Security Advisory Description ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize, the resulting image could have embedded the content of an arbitrary. file if the magick binary has permissions to read it. CVE-2022-44268 Impact BIG-IP AAM, Edg...

6.5CVSS7.4AI score0.89855EPSS
Exploits28
f5
f5
added 2023/02/02 3:27 p.m.33 views

K64505405: NTP vulnerability CVE-2016-4956

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service interleaved-mode transition and time change via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. CVE-2016-4956 Impact In...

5.3CVSS6.6AI score0.16351EPSS
Exploits0Affected Software22
f5
f5
added 2023/01/04 12:50 a.m.36 views

K19784568: TMM vulnerability CVE-2016-5023

Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...

7.5CVSS7.5AI score0.03046EPSS
Exploits0Affected Software14
f5
f5
added 2022/12/31 2:52 a.m.43 views

K48351130: Linux kernel vulnerability CVE-2019-16714

Security Advisory Description In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. CVE-2019-16714 Impact This vulnerability may allow attackers to obtain...

7.5CVSS7.5AI score0.02701EPSS
Exploits0Affected Software1
f5
f5
added 2022/12/31 2:0 a.m.50 views

K11186236: Linux kernel KVM subsystem vulnerability CVE-2019-6974

Security Advisory Description In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free. CVE-2019-6974 Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,...

8.1CVSS6.5AI score0.16523EPSS
Exploits2
cnvd
cnvd
added 2022/05/07 12:0 a.m.31 views

F5 Traffix SDC Cross-Site Scripting Vulnerability

The F5 Traffix Signaling Delivery Controller F5 Traffix SDC is a signaling delivery controller from F5, Inc. It is used to provide operators with total connectivity, unlimited scalability and total control. A cross-site scripting vulnerability exists in F5 Traffix SDC, which can be exploited by a...

4.8CVSS5AI score0.00451EPSS
Exploits0References1
ncsc
ncsc
added 2022/05/06 12:0 a.m.47 views

Vulnerabilities fixed in F5 products

Vulnerabilities have been fixed in products from F5, including BIG-IP and Traffix SDC. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of...

9.8CVSS7.7AI score0.99956EPSS
Exploits63
nvd
nvd
added 2022/05/05 5:15 p.m.23 views

CVE-2022-27880

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

4.8CVSS0.00451EPSS
Exploits0References1
osv
osv
added 2022/05/05 5:15 p.m.4 views

CVE-2022-27880

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

4.8CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder