Lucene search
K

6392 matches found

F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•79 views

K32037442: Intel In-Band Manageability software vulnerabilities CVE-2021-0193, CVE-2021-0194, and CVE-2021-33108

Security Advisory Description CVE-2021-0193 Improper authentication in the IntelR In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. CVE-2021-0194 Improper access control in the IntelR In-Band...

7.2CVSS7AI score0.00933EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•79 views

K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974

Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...

7.7CVSS6.3AI score0.03726EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•79 views

K20623215: Apache mod_cache_socache vulnerability CVE-2018-1303

Security Advisory Description A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache...

7.5CVSS7.8AI score0.70783EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•79 views

K75543432: PHP vulnerability CVE-2017-11628

Security Advisory Description In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...

7.8CVSS8.3AI score0.03365EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•79 views

K11312491: Intel AMT SDK, Intel SCS, or Intel MEBx vulnerability CVE-2021-33107

Security Advisory Description Insufficiently protected credentials in USB provisioning for IntelR AMT SDK before version 16.0.3, IntelR SCS before version 12.2 and IntelR MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially...

4.6CVSS4.4AI score0.00251EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•79 views

K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.2CVSS7.6AI score0.1273EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•79 views

K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646

Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...

5.6CVSS7.8AI score0.08101EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•79 views

K55423848: CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410

Security Advisory Description CVE-2010-2761 The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers a...

4.3CVSS9.1AI score0.02713EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•79 views

K10515241: Linux kernel vulnerabilities CVE-2016-1583 and CVE-2016-2143

Security Advisory Description CVE-2016-1583 The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leadi...

7.8CVSS7AI score0.01393EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•79 views

K31603170: Linux kernel vulnerability CVE-2016-7097

Security Advisory Description The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097...

4.4CVSS6.1AI score0.00377EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•79 views

K33828251: Apache Spark vulnerability CVE-2022-33891

Security Advisory Description The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS9.3AI score0.92984EPSS
Exploits12
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•79 views

K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865

Security Advisory Description Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. CVE-2022-34865 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify...

9.1CVSS8.8AI score0.00379EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•79 views

K61164061: PHP vulnerability CVE-2017-9227

Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could...

9.8CVSS7.2AI score0.06265EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•79 views

K32798641: MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632

Security Advisory Description CVE-2019-2627 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high...

7.5CVSS5.7AI score0.03694EPSS
Exploits0
F5 Networks
F5 Networks
•added 2016/06/24 12:0 a.m.•79 views

SOL93174402 - Apache Struts 2 vulnerability CVE-2016-3090

Vulnerability Recommended Actions None Supplemental Information Apache S2-027 Note: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a...

8.8CVSS1.2AI score0.05663EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/02/16 12:0 a.m.•79 views

SOL63519101 - Multiple QEMU vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.3CVSS1.5AI score0.13288EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/01/28 12:0 a.m.•79 views

SOL64009378 - OpenSSL vulnerability CVE-2016-0701

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

3.7CVSS2.7AI score0.83645EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2015/07/10 12:0 a.m.•79 views

SOL16948 - Apache Tomcat vulnerability CVE-2007-1858

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

2.6CVSS3.6AI score0.18254EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2015/04/23 12:0 a.m.•79 views

SOL16505 - NTP vulnerability CVE-2015-1798

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

1.8CVSS1.3AI score0.02219EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2015/04/14 12:0 a.m.•79 views

SOL16427 - Linux kernel vulnerability CVE-2013-7421

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

2.1CVSS1.3AI score0.00716EPSS
Exploits1References3
F5 Networks
F5 Networks
•added 2014/12/23 12:0 a.m.•79 views

SOL15936 - NTP vulnerability CVE-2014-9295

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.5CVSS0.7AI score0.7809EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2014/12/19 12:0 a.m.•79 views

SOL15927 - BIND vulnerability CVE-2014-8500

The LTM and GTM modules are not vulnerable by default. To be vulnerable, recursion must be manually enabled in the BIND named.conf file. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to...

7.8CVSS1AI score0.65683EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2014/08/07 12:0 a.m.•79 views

SOL15441 - PHP vulnerability CVE-2011-1148

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.5CVSS2.6AI score0.04736EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/01/16 12:0 a.m.•79 views

SOL14930 - PHP vulnerability CVE-2011-4718

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents...

6.8CVSS3.6AI score0.036EPSS
Exploits0References2
F5 Networks
F5 Networks
•added 2012/04/04 12:0 a.m.•79 views

SOL13518 - Multiple PHP vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

10CVSS3AI score0.99998EPSS
Exploits77References3
F5 Networks
F5 Networks
•added 2007/10/04 12:0 a.m.•79 views

SOL6916 - Case change in URL host name circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...

1.3AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•79 views

SOL5860 - GSSAPI authentication vulnerability in OpenSSH - CAN-2005-2798

CAN-2005-2798: GSSAPI authentication vulnerability in OpenSSH Information about this advisory is available at the following location:...

5CVSS0.9AI score0.02299EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/08 1:47 p.m.•78 views

K000139404: Quarterly Security Notification (May 2024)

Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

8CVSS7.5AI score0.07163EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/04/22 5:56 p.m.•78 views

K000139361: Moby Buildkit vulnerabilities CVE-2024-23651,CVE-2024-23652, and CVE-2024-23653

Security Advisory Description CVE-2024-23651 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead ...

10CVSS6.7AI score0.02983EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•78 views

K49233165: Apache Groovy vulnerability CVE-2015-3253

Security Advisory Description The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. CVE-2015-3253 Impact This vulnerability could allow a remote...

9.8CVSS9.6AI score0.42983EPSS
Exploits4Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:5 p.m.•78 views

K17267: XSS vulnerability in Apache CVE-2002-0840

Security Advisory Description Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the...

6.8CVSS6.4AI score0.94006EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•78 views

K6736: OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

9.3CVSS7.3AI score0.44963EPSS
Exploits8
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•78 views

K36212405: Apache Cassandra vulnerability CVE-2020-13946

Security Advisory Description In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and...

5.9CVSS6.9AI score0.02951EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•78 views

K61561040: PHP vulnerability CVE-2018-10547

Security Advisory Description An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerabilit...

6.1CVSS7.1AI score0.0363EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•78 views

K84900646: Linux kernel vulnerability CVE-2020-14385

Security Advisory Description A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise...

5.5CVSS6.2AI score0.00416EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•78 views

K63415246: Multiple Java vulnerabilities CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35586

Security Advisory Description CVE-2021-35560 Vulnerability in the Java SE product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5CVSS6.1AI score0.06468EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•78 views

K23729200: Multiple GNU Binutils vulnerabilities

Security Advisory Description CVE-2017-9038 GNU Binutils 2.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to the bytegetlittleendian function in elfcomm.c, the getunwindsectionword function in readelf.c, an...

7.8CVSS7.1AI score0.02129EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•78 views

K49622415: Apache Tomcat vulnerability CVE-2022-25762

Security Advisory Description If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...

8.6CVSS8.1AI score0.08033EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•78 views

K43709560: Apache Tomcat vulnerability CVE-2020-1935

Security Advisory Description In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat w...

5.8CVSS8AI score0.09386EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:28 p.m.•78 views

K17458: Linux kernel vulnerability CVE-2015-1805

Security Advisory Description The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or...

7.2CVSS7.3AI score0.01395EPSS
Exploits3Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 5:39 p.m.•78 views

K20911042: OpenSSH vulnerability CVE-2015-8325

Security Advisory Description The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the...

7.8CVSS7.3AI score0.00627EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2015/08/24 12:0 a.m.•78 views

SOL17132 - Linux kernel vulnerability CVE-2014-8133

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you ca...

2.1CVSS0.6AI score0.00583EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/11/19 12:0 a.m.•78 views

SOL15852 - Linux kernel vulnerability CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings. CVE-2014-3122...

4.9CVSS6AI score0.00545EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/06/02 12:0 a.m.•78 views

SOL15299 - Linux kernel vulnerability CVE-2013-2888

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate the ri...

6.2CVSS2.7AI score0.00477EPSS
Exploits0References13
F5 Networks
F5 Networks
•added 2013/05/30 12:0 a.m.•78 views

SOL14433 - PHP SOAP vulnerability CVE-2013-1643

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

5CVSS3.2AI score0.10136EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2024/05/20 9:10 p.m.•77 views

K000139691: Expat vulnerability CVE-2016-9063

Security Advisory Description An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50.CVE-2016-9063 Impact Attackers may be able to trigger buffer overflows which can be used to execute arbitrary code. Security Advisory Status F5 Product...

9.8CVSS8.9AI score0.05742EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:54 p.m.•77 views

K04082144: Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013

Security Advisory Description A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protect...

9.8CVSS8.9AI score0.99992EPSS
Exploits175
F5 Networks
F5 Networks
•added 2023/02/21 7:2 p.m.•77 views

K01362377: Ghostscript vulnerability CVE-2017-8291

Security Advisory Description Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

7.8CVSS7AI score0.96968EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•77 views

K43030517: Linux kernel BPF vulnerability CVE-2019-7308

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks...

5.6CVSS6.2AI score0.00543EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•77 views

K10107360: Apache Tomcat vulnerability CVE-2019-12418

Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...

7CVSS7.2AI score0.01221EPSS
Exploits0
Total number of security vulnerabilities5000