Lucene search
K

6392 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:53 p.m.106 views

K73926196: PHPMailer vulnerability CVE-2016-10045

Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...

9.8CVSS8.4AI score0.98038EPSS
Exploits19Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 7:45 p.m.106 views

K15273: Apache vulnerability CVE-2012-0053

Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...

4.3CVSS6.8AI score0.82756EPSS
Exploits4Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.106 views

K73217235: pppd vulnerability CVE-2020-8597

Security Advisory Description eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

9.8CVSS9.1AI score0.19582EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.106 views

K04831884: MySQL vulnerabilities CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, and CVE-2019-2805

Security Advisory Description CVE-2019-2800 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

7.1CVSS5.7AI score0.0377EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.106 views

K15254040: Linux kernel vulnerability CVE-2018-1130

Security Advisory Description Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccpwritexmit function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. CVE-2018-1130 Impact There is no...

5.5CVSS6.2AI score0.00495EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.106 views

K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226

Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...

9.8CVSS7AI score0.07511EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:20 p.m.106 views

K56138200: PHP vulnerability CVE-2016-3078

Security Advisory Description Multiple integer overflows in phpzip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted call to 1 getFromIndex or 2...

9.8CVSS9.8AI score0.56132EPSS
Exploits5
F5 Networks
F5 Networks
added 2007/09/16 12:0 a.m.106 views

SOL7859 - Multiple PHP vulnerabilities

PHP has been cited with multiple vulnerabilities. For information about these vulnerabilities, refer to the National Vulnerabilities Database. Information about these advisories is available at the following locations: CVE-2007-1846 SQL injection vulnerability in index.php in the MyAds 2.04jp and...

7.8CVSS0.5AI score0.40435EPSS
Exploits11
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.105 views

K27112954: Linux kernel vulnerability CVE-2019-15292

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalkprocexit, related to net/appletalk/atalkproc.c, net/appletalk/ddp.c, and net/appletalk/sysctlnetatalk.c. CVE-2019-15292 Impact There is no impact; F5 products are not affected...

10CVSS6AI score0.02588EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.105 views

K51975973: Eclipse Jetty vulnerability CVE-2021-34428

Security Advisory Description For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can...

3.6CVSS6.5AI score0.00963EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.105 views

K64292204: OpenSSH vulnerability CVE-2016-10010

Security Advisory Description sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. CVE-2016-10010 Impact In the default configuration,...

7CVSS7.9AI score0.0424EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.105 views

K14492558: PHP vulnerability CVE-2021-21708

Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...

9.8CVSS8AI score0.03002EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.105 views

K72118410: Linux kernel vulnerability CVE-2021-29154

Security Advisory Description BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpfjitcomp.c and arch/x86/net/bpfjitcomp32.c. CVE-2021-29154 Impact...

7.8CVSS6.8AI score0.00931EPSS
Exploits0
F5 Networks
F5 Networks
added 2022/12/29 1:30 a.m.105 views

K41440465: BIG-IP TMM vulnerability CVE-2022-26071

Security Advisory Description A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. CVE-2022-26071 Impact A...

7.5CVSS7.4AI score0.01002EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
added 2017/12/20 9:45 p.m.105 views

Apache vulnerability CVE-2017-6146

F5 Product Development has assigned ID 572272 BIG-IP and ID 663962 Enterprise Manager to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to see versions box. To determine if your release is known to be vulnerable, the...

1.5AI score
Exploits0
F5 Networks
F5 Networks
added 2016/04/13 12:0 a.m.105 views

SOL91100352 - Mozilla NSS vulnerability CVE-2016-1950

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8CVSS2.4AI score0.04192EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.104 views

K17133899: Multiple Treck TCP/IP stack vulnerabilities

Security Advisory Description CVE-2020-11896 The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. CVE-2020-11897 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. CVE-2020-11898 The Treck TCP/IP stack...

10CVSS6.5AI score0.36965EPSS
Exploits21
F5 Networks
F5 Networks
added 2023/02/21 7:52 p.m.104 views

K05717484: PhpAdmin vulnerability CVE-2005-3299

Security Advisory Description PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array. CVE-2005-3299 Impact There is no impact; F5 products are not...

5CVSS9AI score0.15919EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.104 views

K35453761: cURL and libcurl vulnerability CVE-2017-2628

Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...

9.8CVSS7.9AI score0.0401EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.104 views

K02912734: Intel CPU vulnerability CVE-2019-11135

Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...

6.5CVSS6.9AI score0.03133EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.104 views

K97457339: Linux kernel vulnerabilities CVE-2017-1000370 and CVE-2017-1000371

Security Advisory Description CVE-2017-1000370 The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execveed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above...

7.8CVSS6.2AI score0.02428EPSS
Exploits9
F5 Networks
F5 Networks
added 2016/11/04 12:0 a.m.104 views

SOL01276005 - OpenSSL vulnerability CVE-2016-2182

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8CVSS2.1AI score0.44218EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2015/09/08 12:0 a.m.104 views

SOL17244 - Linux kernel vulnerability CVE-2015-1593

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. In BIG-IP 10.x, some platforms are running 32-bit Linux kernel and some platforms are running 64-bit, depending on their...

5CVSS0.2AI score0.03814EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.103 views

K06372014: PHP vulnerability CVE-2019-9023

Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur...

9.8CVSS7.6AI score0.09317EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.103 views

K97120268: Apache Log4j SQL injection vulnerability CVE-2022-23305

Security Advisory Description By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL...

9.8CVSS8.5AI score0.66537EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.103 views

K31902105: OpenSSH vulnerability CVE-2016-20012

Security Advisory Description DISPUTED OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination...

5.3CVSS6.6AI score0.05326EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.103 views

K52349521: OpenSSL vulnerability CVE-2016-2842

Security Advisory Description The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service out-of-bounds write or memory consumption or...

10CVSS8.4AI score0.53655EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/01/24 10:1 p.m.103 views

K52341555: Samba vulnerability CVE-2022-3592

Security Advisory Description A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix...

6.5CVSS5.8AI score0.02431EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/03/09 12:0 a.m.103 views

SOL62012529 - BIND vulnerability CVE-2016-1286

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.6CVSS1.3AI score0.621EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2007/05/16 12:0 a.m.103 views

SOL6669 - Apache HTTP Expect header handling

The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...

4.3CVSS6.3AI score0.94926EPSS
Exploits7
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.102 views

K88126845: BIG-IP APM web pages may be indexed by search engines

Security Advisory Description This issue occurs when all of the following conditions are met: Users connect to the BIG-IP APM system through the internet. The BIG-IP APM system is reachable by search engines. Impact BIG-IP APM web pages may be enumerated and other data may be disclosed. Symptoms ...

6.6AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.102 views

K43429502: OpenSSL RSA key generation vulnerability CVE-2018-0737

Security Advisory Description The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL...

5.9CVSS6.1AI score0.12046EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.102 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5CVSS5.5AI score0.01271EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:30 p.m.102 views

K16090: BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326

Security Advisory Description The automatic signature update functionality in the 1 Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the 2 Call Home feature in ASM 10.0.0...

4.3CVSS6.8AI score0.00823EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
added 2023/02/21 6:12 p.m.102 views

K7859: Multiple PHP vulnerabilities

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.8CVSS8.6AI score0.40435EPSS
Exploits11
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.102 views

K52559937: Overview of NGINX vulnerabilities (May 2021)

Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...

7.8CVSS7.1AI score0.53461EPSS
Exploits10
F5 Networks
F5 Networks
added 2023/02/21 5:34 p.m.102 views

K74954302: PHP vulnerability CVE-2016-2554

Security Advisory Description Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TAR archive. CVE-2016-2554...

10CVSS9.3AI score0.10997EPSS
Exploits1
F5 Networks
F5 Networks
added 2022/12/16 7:36 p.m.102 views

K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583

Security Advisory Description Description CVE-2014-8109 modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...

5CVSS6.2AI score0.22016EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/11/10 12:0 a.m.102 views

SOL87416818 - TMM vulnerability CVE-2016-7476

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.7AI score0.02432EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2024/02/17 12:27 a.m.101 views

K000138643: OpenSSH vulnerability CVE-2023-51767

Security Advisory Description OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat...

7CVSS7AI score0.00661EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.101 views

K32380005: Linux kernel vulnerability CVE-2019-18282

Security Advisory Description The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead ...

5.3CVSS6.8AI score0.02605EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.101 views

K53825211: PHP vulnerability CVE-2019-9637

Security Advisory Description An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus...

7.5CVSS7.2AI score0.07347EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.101 views

K64709522: Multiple Zip Slip vulnerabilities

Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5CVSS5.9AI score0.15359EPSS
Exploits8
F5 Networks
F5 Networks
added 2016/07/18 12:0 a.m.101 views

SOL71436934 - Apache httpd vulnerability CVE-2016-4979

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS1.8AI score0.18802EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2009/11/15 12:0 a.m.101 views

SOL10772 - Linux NULL pointer dereference vulnerability - CVE-2009-2692

Information about this advisory is available at the following location: Note: As a result of a typo, this advisory was also referred to as CVE-2009-2962. Be advised that CVE-2009-2962 was removed as a duplicate of CVE-2009-2692. For information, refer to https://vulners.com/cve/CVE-2009-2962. Th...

7.8CVSS7.8AI score0.14633EPSS
Exploits18
F5 Networks
F5 Networks
added 2005/07/21 12:0 a.m.101 views

SOL4616 - BSD telnet environment vulnerability CAN-2005-0488

Was this resource helpful in solving your issue? Yes - this resource was helpful No - this resource was not helpful I don‘t know yet NOTE: Please do not provide personal information. Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:...

5CVSS1.5AI score0.16815EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.100 views

K55834441: Netty vulnerability CVE-2021-21295

Security Advisory Description Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables...

5.9CVSS6.8AI score0.18891EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.100 views

K6881: SSHv1 vulnerabilities CVE-2006-4924

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

7.8CVSS6.8AI score0.34666EPSS
Exploits1
F5 Networks
F5 Networks
added 2014/12/11 12:0 a.m.100 views

SOL15903 - Multiple PHP vulnerabilities

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.5CVSS3.1AI score0.62649EPSS
Exploits22References5
F5 Networks
F5 Networks
added 2013/05/30 12:0 a.m.100 views

SOL14434 - OpenSSH vulnerability CVE-2006-5794

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.6AI score0.02681EPSS
Exploits0References4
Total number of security vulnerabilities5000