Lucene search
K

6392 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:31 p.m.•73 views

K40293611: Oracle Java SE vulnerability CVE-2022-21349

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabili...

5.3CVSS5.6AI score0.03306EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•73 views

K73705133: Bash vulnerability CVE-2016-7543

Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...

8.4CVSS7.3AI score0.00576EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:8 p.m.•73 views

K17503: PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804

Security Advisory Description CVE-2015-7803 A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7804 An uninitialized pointer use flaw was found in the pharmakedirstream function of PHP's Ph...

6.8CVSS8.4AI score0.10288EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/01/25 4:16 a.m.•73 views

K000132230: Java SE vulnerability CVE-2023-21835

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily...

5.3CVSS5.3AI score0.01836EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/01/12 4:58 a.m.•73 views

K52322100: Authenticated F5 BIG-IP Guided Configuration integrity check in Appliance mode vulnerability CVE-2022-25946

Security Advisory Description When running in Appliance mode, an authenticated attacker with Administrator role privileges may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. CVE-2022-25946 Impact In Appliance mode, an authenticate...

8.7CVSS6.4AI score0.00382EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2016/11/18 12:0 a.m.•73 views

SOL52430518 - PHP vulnerability CVE-2016-6289

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8CVSS1.9AI score0.03792EPSS
Exploits1References7
F5 Networks
F5 Networks
•added 2016/07/05 12:0 a.m.•73 views

SOL35239571 - PHP vulnerability CVE-2015-3329

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.5AI score0.38434EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/04/13 12:0 a.m.•73 views

SOL74954302 - PHP vulnerability CVE-2016-2554

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10CVSS2.5AI score0.10997EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/02/22 12:0 a.m.•73 views

SOL71245322 - NTP vulnerability CVE-2015-8138

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS1.9AI score0.06255EPSS
Exploits2References4
F5 Networks
F5 Networks
•added 2015/09/28 12:0 a.m.•73 views

SOL17315 - SNMP vulnerability CVE-2014-3565

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS0.9AI score0.04619EPSS
Exploits1References12
F5 Networks
F5 Networks
•added 2015/09/09 12:0 a.m.•73 views

SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code SCTP kernel module, but the code is not enabled by...

10CVSS0.09828EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/08/24 12:0 a.m.•73 views

SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS2.4AI score0.04204EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/07/10 12:0 a.m.•73 views

SOL16946 - Boost memory allocator vulnerability CVE-2012-2677

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS2.8AI score0.03889EPSS
Exploits1References8
F5 Networks
F5 Networks
•added 2014/12/08 12:0 a.m.•73 views

SOL15899 - Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

6.9CVSS1.8AI score0.22913EPSS
Exploits8References5
F5 Networks
F5 Networks
•added 2014/06/05 12:0 a.m.•73 views

SOL15320 - Apache vulnerability CVE-2014-0098

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. ARX To mitigate th...

5CVSS2AI score0.25999EPSS
Exploits2References5
F5 Networks
F5 Networks
•added 2012/07/10 12:0 a.m.•73 views

SOL13719 - Samba vulnerability CVE-2012-1182

Vulnerability Recommended Actions None Supplemental Information CVE-2012-1182 Note: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957:...

10CVSS8.8AI score0.74034EPSS
Exploits9References4
F5 Networks
F5 Networks
•added 2012/04/04 12:0 a.m.•73 views

SOL13519 - Multiple PHP vulnerabilities

Vulnerability Recommended Actions To mitigate this vulnerability, expose the administrative interface only on trusted networks and limit login access to trusted users. Impact of action: None. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957:...

10CVSS1.6AI score0.83911EPSS
Exploits27References4
F5 Networks
F5 Networks
•added 2024/03/12 9:15 p.m.•72 views

K000138895: BIND vulnerability CVE-2023-5679

Security Advisory Description A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through...

7.5CVSS7.6AI score0.01231EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•72 views

K97324400: OpenSSL vulnerability CVE-2019-1563

Security Advisory Description In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypt...

4.3CVSS6.6AI score0.03838EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•72 views

K73422160: OpenSSL vulnerability CVE-2019-1547

Security Advisory Description Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible th...

4.7CVSS6.5AI score0.01188EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•72 views

K22141757: Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513

Security Advisory Description CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a...

8.6CVSS7AI score0.16288EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•72 views

K63404203: Oracle Java SE vulnerability CVE-2018-11212

Security Advisory Description An issue was discovered in libjpeg 9a. The allocsarray function in jmemmgr.c allows remote attackers to cause a denial of service divide-by-zero error via a crafted file. CVE-2018-11212 Impact Traffix SDC An attacker can exploit this vulnerability to cause a denial o...

6.5CVSS7.1AI score0.05074EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•72 views

K16531: Linux kernel vulnerability CVE-2014-4027

Security Advisory Description The rdbuilddevicespace function in drivers/target/targetcorerd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdiskmcp memory by leveraging access to a SCSI...

2.3CVSS5.6AI score0.0065EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:2 p.m.•72 views

K01043241: Linux kernel vulnerability CVE-2017-17448

Security Advisory Description net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared...

7.8CVSS6.3AI score0.00372EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•72 views

K07020416: Linux kernel vulnerability CVE-2017-18344

Security Advisory Description The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This...

5.5CVSS6.5AI score0.03228EPSS
Exploits8Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•72 views

K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992

Security Advisory Description A malicious HTTP response to an Advanced WAF/ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution RCE, leading to complete system compromise...

9.8CVSS8.5AI score0.72711EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•72 views

K75133288: Linux kernel vulnerability CVE-2021-33909

Security Advisory Description fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 Impact...

7.8CVSS7.1AI score0.09729EPSS
Exploits6
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•72 views

K61294700: Linux kernel vulnerability CVE-2020-27777

Security Advisory Description A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further...

7.2CVSS6.5AI score0.00501EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•72 views

K43638305: BIG-IP TMUI XSS vulnerability CVE-2020-5903

Security Advisory Description A Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE-2020-5903 Impact An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. In the case of an...

6.1CVSS6AI score0.02233EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•72 views

K65460334: Expat XML parser vulnerability CVE-2012-6702

Security Advisory Description Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVE-2012-6702 Impact An attacker m...

5.9CVSS6.8AI score0.02371EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•72 views

K83043359: Apache HTTPD vulnerability CVE-2017-3169

Security Advisory Description In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modssl may dereference a NULL pointer when third-party modules call aphookprocessconnection during an HTTP request to an HTTPS port. CVE-2017-3169 Impact When the vulnerability is exploited, the Apachehttpd...

9.8CVSS7.4AI score0.19953EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•72 views

K23702520: Linux kernel Vulnerability CVE-2020-25672

Security Advisory Description A memory leak vulnerability was found in Linux kernel in llcpsockconnect CVE-2020-25672 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...

7.5CVSS6.2AI score0.03259EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•72 views

K15518610: Multiple OpenJDK vulnerabilities

Security Advisory Description CVE-2016-5546 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable...

9CVSS8AI score0.32839EPSS
Exploits4
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•72 views

K22322802: Grafana vulnerability CVE-2021-39226

Security Advisory Description Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the...

9.8CVSS7.7AI score0.99888EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 5:29 p.m.•72 views

K31026324: Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104

Security Advisory Description CVE-2015-2925 The prependpath function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a...

10CVSS6AI score0.02501EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2016/07/11 12:0 a.m.•72 views

SOL11853211 - Multiple Linux kernel vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.2CVSS2.4AI score0.03723EPSS
Exploits10References4
F5 Networks
F5 Networks
•added 2016/05/19 12:0 a.m.•72 views

SOL51920288 - OpenSSL vulnerability CVE-2016-2105

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.6AI score0.3965EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2015/08/28 12:0 a.m.•72 views

SOL17173 - OpenJDK vulnerability CVE-2015-4760

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

10CVSS0.9AI score0.07031EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/12/04 12:0 a.m.•72 views

SOL15894 - Apache vulnerabilities CVE-2012-4557 and CVE-2012-0021

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS3.3AI score0.30809EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2014/01/15 12:0 a.m.•72 views

SOL14909 - OpenSSL vulnerability CVE-2013-4248

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

6.8CVSS3.8AI score0.05741EPSS
Exploits4References3
F5 Networks
F5 Networks
•added 2012/05/17 12:0 a.m.•72 views

SOL13588 - PHP vulnerability CVE-2011-4885

Recommended action BIG-IP To mitigate this vulnerability, expose the administrative interface only on trusted networks and limit login access to trusted users. FirePass For information about hotfix status, contact F5 Technical Support. Supplemental Information CVE-2011-4885 SOL9970: Subscribing t...

5CVSS9.2AI score0.83911EPSS
Exploits15
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•72 views

SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747

This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or...

7.6CVSS6.8AI score0.96436EPSS
Exploits20
F5 Networks
F5 Networks
•added 2024/05/08 12:58 p.m.•71 views

K000138744: BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883

Security Advisory Description An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. CVE-2024-28883 Impact A remote unauthenticated attacker with a man-in-the-middle MITM position may exploit thi...

7.4CVSS6.8AI score0.00205EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2024/03/22 9:57 p.m.•71 views

K000138990: BIND vulnerability CVE-2023-4408

Security Advisory Description The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting thi...

7.5CVSS6.9AI score0.01327EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•71 views

K18407453: Glib vulnerabilities CVE-2018-10767, CVE-2019-12450, and CVE-2019-19126

Security Advisory Description CVE-2018-10767 There is a stack-based buffer over-read in calling GLib in the function gxpsimagesguesscontenttype of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a ginputstreamread call. A crafted input will lead to a...

9.8CVSS6.6AI score0.02602EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•71 views

K15680: Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667

Security Advisory Description Description CVE-2014-3917 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIGAUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS via...

6.9CVSS7.2AI score0.05926EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•71 views

K94700053: Intel AMT vulnerability CVE-2017-5689

Security Advisory Description An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology AMT and Intel Standard Manageability ISM. An unprivileged local attacker could provision manageability features gaining...

10CVSS7.4AI score0.92189EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•71 views

K46444421: Linux Kernel Vulnerability CVE-2019-9458

Security Advisory Description In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2019-9458 Impact There i...

7CVSS6.5AI score0.00171EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:52 p.m.•71 views

K15899: Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452

Security Advisory Description CVE-2010-1452 The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path. CVE-2011-3348 The modproxyajp module in the Apache HTTP Server before...

6.9CVSS7.5AI score0.22913EPSS
Exploits8Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•71 views

K13993: Cross-site URL redirection attack vulnerability CVE-2009-4017

Security Advisory Description F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to the my.activation.cns.php3 script. As a result, a user could create a URL...

5CVSS4.8AI score0.12041EPSS
Exploits0
Total number of security vulnerabilities5000