Lucene search
K

6389 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:58 p.m.•28 views

K17407: Datastor kernel vulnerability CVE-2015-7394

Security Advisory Description The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0...

9CVSS7.3AI score0.03892EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•28 views

K92306170: BIG-IP AFM single endpoint flood/sweep DoS vector security exposure

Security Advisory Description BIG-IP AFM single endpoint sweep and single endpoint flood DoS vector configuration states are unexpectedly disabled after updating/upgrading software to BIG-IP 14.1.0 and later. This issue occurs when all of the following conditions are met: You updated/upgraded you...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•28 views

K05342145: Linux kernel vulnerability CVE-2007-6762

Security Advisory Description In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabelcipsov4.c where it is possible to overflow the doidef-tags array. CVE-2007-6762 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...

9.8CVSS9AI score0.02976EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•28 views

K28042514: BIG-IP TMM and DNS profile vulnerability CVE-2022-23017

Security Advisory Description When a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23017 Impact System performance can...

7.5CVSS7.5AI score0.0092EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•28 views

K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure

Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K61705126: BIG-IP APM apd vulnerability CVE-2019-6661

Security Advisory Description When the BIG-IP APM system processes certain requests, the apd/apmd process may consume excessive resources. CVE-2019-6661 Impact BIG-IP APM When this vulnerability is exploited, the BIG-IP APM system may experience excessive resource consumption, which may cause one...

7.5CVSS7.4AI score0.01044EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K21423526: Intel CSME and TXE vulnerability CVE-2019-0091

Security Advisory Description Code injection vulnerability in installer for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-0091 Impact A locally...

7.8CVSS8.1AI score0.00519EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K23124150: GeoIP vulnerability CVE-2018-5521

Security Advisory Description Carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. CVE-2018-5521 Impact BIG-IP Clients accessing the affected system may be exposed to cross-site scripting XSS attacks. This vulnerability...

6.1CVSS6AI score0.00923EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•28 views

K16870: logrotate vulnerability CVE-2011-1154

Security Advisory Description The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a...

6.9CVSS7.2AI score0.00412EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•28 views

K15838353: BIG-IP Edge Client for Windows vulnerability CVE-2020-5892

Security Advisory Description The BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. CVE-2020-5892 Impact An attacker with sufficient local privileges on a client machine running Windows may be able to...

6.7CVSS6.3AI score0.00306EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•28 views

K63497634: BIG-IP FPS XSS vulnerability CVE-2021-22979

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned, which allows an attacker to execute JavaScript in the context of the current logged-in user...

6.1CVSS6.4AI score0.00583EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•28 views

K28003839: tmsh utility vulnerability CVE-2018-15322

Security Advisory Description A BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service DoS when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action...

6.5CVSS6.6AI score0.01134EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•28 views

K26710120: Intel microprocessors vulnerability CVE-2019-0162

Security Advisory Description Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2019-0162 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

3.8CVSS4.1AI score0.00931EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•28 views

K15878: bzip2 vulnerability CVE-2010-0405

Security Advisory Description Description Integer overflow in the BZ2decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted compressed file...

5.1CVSS6.5AI score0.03297EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 6:45 p.m.•28 views

K08654551: GnuPG vulnerability CVE-2019-13050

Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...

7.5CVSS7.2AI score0.02663EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•28 views

K04518313: BIG-IP APM network access VPN vulnerability CVE-2020-27724

Security Advisory Description In BIG-IP APM, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. CVE-2020-27724 Impact This vulnerability may cause the Traffic Management Microkernel...

6.5CVSS6.3AI score0.00887EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•28 views

K69154630: BIG-IP Edge Client for Windows vulnerability CVE-2020-5898

Security Advisory Description The BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to a \\.\urvpndrv device causing the Windows kernel to crash. CVE-2020-5898...

5.5CVSS5.4AI score0.00261EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•28 views

K94105051: TMM vulnerability CVE-2018-5537

Security Advisory Description A remote attacker may be able to disrupt services on the BIG-IP if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. CVE-2018-5537 Impact The BIG-IP system m...

5.3CVSS5.5AI score0.01194EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•28 views

K19807532: BIND vulnerability CVE-2020-8619

Security Advisory Description The asterisk character "" is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a...

4.9CVSS6.3AI score0.02088EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•28 views

K73522927: BIG-IP Appliance mode vulnerability CVE-2019-6633

Security Advisory Description When the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. CVE-2019-6633 Impact This vulnerability allows the attacker to exploit the system with high-level...

4.4CVSS4.9AI score0.00347EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•28 views

K17331: PCRE library vulnerability CVE-2015-5073

Security Advisory Description Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers to cause a denial of service crash or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted...

9.1CVSS8.8AI score0.07673EPSS
Exploits1Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•28 views

K64346530: Multiple Intel CPU vulnerabilities

Security Advisory Description CVE-2019-11168 Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. CVE-2019-11170 Authentication bypass in Intel...

9.8CVSS6.8AI score0.01561EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•28 views

K15875: cURL vulnerability CVE-2013-1944

Security Advisory Description The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. CVE-2013-1944 Impact Allows unauthorized...

5CVSS8.4AI score0.04986EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:11 p.m.•28 views

K15729: Associative array vulnerability CVE-2014-3631

Security Advisory Description The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service NULL pointer dereference and system crash or...

7.2CVSS6.6AI score0.00963EPSS
Exploits4
F5 Networks
F5 Networks
•added 2023/02/21 6:11 p.m.•28 views

K12253: PHP vulnerability CVE-2010-2225

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS9.8AI score0.05342EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:8 p.m.•28 views

K15970: GnuTLS 3.x vulnerability CVE-2014-8564

Security Advisory Description The gnutlseccansix963export function in gnutlsecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service out-of-bounds write via a crafted 1 Elliptic Curve Cryptography ECC certificate or 2...

5CVSS6.5AI score0.03281EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•28 views

K37611417: Intel Driver vulnerability CVE-2020-12307

Security Advisory Description Improper permissions in some IntelR High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12307 Impact There is no impact; F5 products are not affected by thi...

7.8CVSS7.6AI score0.00311EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•28 views

K49827114: BIG-IP Edge Client for macOS vulnerability CVE-2019-6668

Security Advisory Description BIG-IP Edge Client for macOS may allow unprivileged users to access files owned by the root account. CVE-2019-6668 Impact BIG-IP Edge Client may allow an unprivileged user on the affected macOS device to get ownership of files owned by the root account on the local...

5.5CVSS5.4AI score0.00287EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/16 8:14 p.m.•28 views

K000132635: OpenSSL vulnerability CVE-2022-4450

Security Advisory Description The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers...

7.5CVSS7.7AI score0.20444EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/01 1:5 p.m.•28 views

K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341

Security Advisory Description When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the Authorization Endpoint set to '/'...

7.5CVSS7.6AI score0.00626EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/01/30 6:44 a.m.•28 views

K000132333: Python vulnerability CVE-2019-9674

Security Advisory Description Lib/zipfile. py in Python through 3.7.2 allows remote attackers to cause a denial of service resource consumption via a ZIP bomb. CVE-2019-9674 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

7.5CVSS7.1AI score0.05535EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/01/26 7:54 p.m.•28 views

K000132263: OpenJDK vulnerability CVE-2023-21843

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...

3.7CVSS4.8AI score0.01357EPSS
Exploits0
F5 Networks
F5 Networks
•added 2022/12/31 1:29 a.m.•28 views

K14334: BIG-IP Analytics generates predictable session cookies CVE-2013-7408

Security Advisory Description F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. CVE-2013-7408 This may become apparent when running vulnerability scans such as Qualys against a...

7.5CVSS6.8AI score0.02043EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2022/12/30 10:51 p.m.•28 views

K05975972: BIG-IP self IP vulnerability CVE-2020-5923

Security Advisory Description Self-IP port-lockdown bypass by way of IPv6 link-local addresses. CVE-2020-5923 Impact Port lockdowns may be bypassable on accessible self IP addresses on an ipv6 link-local address. Security Advisory Status F5 Product Development has assigned ID 832885 BIG-IP and ID...

5.4CVSS5.8AI score0.00496EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2016/11/21 12:0 a.m.•28 views

SOL21856463 - MySQL vulnerability CVE-2016-8289

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

4.7CVSS2.7AI score0.00336EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/11/21 12:0 a.m.•28 views

SOL14342624 - MySQL vulnerability CVE-2016-5633

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

4.9CVSS2.7AI score0.02471EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/11/02 12:0 a.m.•28 views

SOL17525 - NTP vulnerability CVE-2015-7853

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8CVSS1.9AI score0.11781EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/08/26 12:0 a.m.•28 views

SOL17170 - Java vulnerability CVE-2015-4736

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.3CVSS1.8AI score0.04455EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/07/06 12:0 a.m.•28 views

SOL16861 - BIG-IQ remote authentication vulnerability CVE-2015-4637

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.3CVSS2.6AI score0.01141EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2014/09/04 12:0 a.m.•28 views

SOL15548 - Rsync sender.c vulnerability CVE-2007-4091

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.8CVSS3.3AI score0.03345EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/07/16 12:0 a.m.•28 views

SOL15395 - OpenSSL vulnerability CVE-2012-0027

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

5CVSS3.2AI score0.04992EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2012/11/29 12:0 a.m.•28 views

SOL14046 - FirePass input validation vulnerability

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. F5 strongly recommends that you install HF-70-7 for FirePass 7.0.0 to address this vulnerability. Acknowledgements F5 wou...

2.3AI score
Exploits0References7Affected Software1
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•28 views

SOL3277 - mod_ssl and ssl_log vulnerability VU#303448

Information about this advisory is available at the following location: F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS version 4.5.11 and 4.6.2. For instructions about downloading software from F5, refer to SOL167: Downloading software from F5. A VU303448 patch has...

2.9AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2007/02/22 12:0 a.m.•28 views

SOL7147 - Execution of UNIX shell commands from the URL in the Admin UI

A URL that is accessible from the Device Management Maintenance Troubleshooting Tools page can be modified to inject UNIX shell commands, which are then executed with user-level privileges. Only FirePass Administrators with permission to access this URL can perform this action. Standard FirePass...

2.4AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2006/10/10 12:0 a.m.•28 views

SOL6701 - Possible logon through native RSA SecurID authentication without valid passcode

An issue with the FirePass controller could permit logins without valid RSA SecurID passcodes. Under heavy load conditions, the FirePass controller can enter into a state where an invalid password in the form of the SecurID passcode is accepted if the username is a valid user in a master group...

2AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2026/05/25 1:54 p.m.•27 views

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

10CVSS7.7AI score0.99803EPSS
Exploits14
F5 Networks
F5 Networks
•added 2026/05/13 12:0 p.m.•27 views

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...

8.7CVSS5.8AI score0.0048EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2025/09/29 9:28 p.m.•27 views

K000156683: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2014-9828 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. CVE-2014-9829 coders/sun.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds access via a crafted sun file...

9.8CVSS7.2AI score0.03734EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/05/14 4:19 p.m.•27 views

K000151329: MySQL vulnerabilities CVE-2025-30704, CVE-2025-30705, and CVE-2025-30706

Security Advisory Description CVE-2025-30704 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker wit...

7.5CVSS5.5AI score0.00821EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/01/28 8:49 a.m.•27 views

K000149511: Oracle Java vulnerability CVE-2025-21502

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK:...

4.8CVSS5.3AI score0.00971EPSS
Exploits0
Total number of security vulnerabilities5000