Lucene search
K

6392 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•71 views

K13993: Cross-site URL redirection attack vulnerability CVE-2009-4017

Security Advisory Description F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to the my.activation.cns.php3 script. As a result, a user could create a URL...

5CVSS4.8AI score0.12041EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•71 views

K95343321: Linux kernel vulnerability CVE-2018-5390

Security Advisory Description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service. CVE-2018-5390 also known as SegmentSmack Impact For products with vulnerable versions,...

7.8CVSS6.8AI score0.7354EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•71 views

K18657134: Linux kernel vulnerability CVE-2018-16871

Security Advisory Description A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic t...

7.5CVSS7.2AI score0.02779EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•71 views

K37661551: Unbound DNS Cache vulnerabilities CVE-2020-12662 and CVE-2020-12663

Security Advisory Description CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answer...

7.5CVSS6.7AI score0.03588EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•71 views

K04454621: Linux kernel vulnerability CVE-2020-25671

Security Advisory Description A vulnerability was found in Linux Kernel, where a refcount leak in llcpsockconnect causing use-after-free which might lead to privilege escalations. CVE-2020-25671 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...

7.8CVSS6.3AI score0.00511EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•71 views

K41309988: FreeIPA vulnerability CVE-2016-5404

Security Advisory Description The certrevoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. CVE-2016-5404 Impact There is no impact; F5 product...

6.5CVSS6.1AI score0.02585EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•72 views

K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091

Security Advisory Description Microarchitectural Data Sampling Uncacheable Memory MDSUM: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091...

5.6CVSS7.3AI score0.00607EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•71 views

K59313410: OpenSSL vulnerability CVE-2022-2274

Security Advisory Description The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during...

10CVSS8.3AI score0.44881EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•71 views

K16909: BIND vulnerability CVE-2015-5477

Security Advisory Description An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. CVE-2015-5477 Impact A remote attacker may be able...

7.8CVSS7.2AI score0.91284EPSS
Exploits12Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•71 views

K37526132: OpenSSL vulnerability CVE-2017-3731

Security Advisory Description If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when...

7.5CVSS7.9AI score0.57595EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•72 views

K11853211: Multiple Linux kernel vulnerabilities

Security Advisory Description CVE-2015-1339 Memory leak in the cusechannelrelease function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service memory consumption or possibly have unspecified other impact by opening /dev/cuse many times. CVE-2016-2384...

6.2CVSS6.5AI score0.03723EPSS
Exploits10
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•71 views

K04481502: Ghostscript vulnerability CVE-2021-3781

Security Advisory Description A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the...

9.9CVSS9.3AI score0.83913EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•71 views

K15168792: Apache Struts 2 vulnerability CVE-2016-4438

Security Advisory Description The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. CVE-2016-4438 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

9.8CVSS9.4AI score0.17171EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•71 views

K41320158: Apache vulnerability CVE-2021-26690

Security Advisory Description Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service CVE-2021-26690 Impact There is no impact; F5 products are not affected by this...

7.5CVSS7.5AI score0.65067EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•71 views

K51100910: rpcbind vulnerabilities CVE-2017-8779 and CVE-2017-8804

Security Advisory Description CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service memory...

7.8CVSS7.3AI score0.81921EPSS
Exploits4
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•71 views

K40508224: Perl vulnerability CVE-2020-10878

Security Advisory Description Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. CVE-2020-10878 Impact An attacker may be able to...

8.6CVSS7.4AI score0.04879EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2016/10/24 12:0 a.m.•71 views

SOL90492697 - OpenSSL vulnerability CVE-2016-6306

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS1.8AI score0.41683EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/03/22 12:0 a.m.•71 views

SOL30971148 - Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8CVSS3.3AI score0.1838EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2016/02/08 12:0 a.m.•71 views

SOL05428062 - pcregrep in PCRE vulnerability CVE-2015-8393

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2AI score0.04371EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/01/28 12:0 a.m.•71 views

SOL33209124 - OpenSSL vulnerability CVE-2015-3197

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS2.1AI score0.10731EPSS
Exploits2References4
F5 Networks
F5 Networks
•added 2015/10/09 12:0 a.m.•71 views

SOL17382 - OpenSSL vulnerability CVE-2010-4252

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.5CVSS2.1AI score0.08076EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2014/09/26 12:0 a.m.•71 views

SOL15623 - GnuTLS vulnerability CVE-2009-5138

Recommended Action For affected ARX systems, F5 recommends that you expose the management interface only on trusted networks. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602:...

5.8CVSS2.3AI score0.01814EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•71 views

SOL2379 - Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131

F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS versions 4.5.11 and 4.6.2...

7.5CVSS5AI score0.0628EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/04/01 4:14 p.m.•70 views

K000139141: liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used t...

10CVSS9.3AI score0.85974EPSS
Exploits40
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•70 views

K19820866: Linux kernel vulnerability CVE-2018-7492

Security Advisory Description A NULL pointer dereference was found in the net/rds/rdma.c rdsrdmamap function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFORDEST. CVE-2018-7492 Impact There is no impact...

5.5CVSS5.8AI score0.00652EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•70 views

K87351324: Intel BIOS vulnerability CVE-2021-33124

Security Advisory Description Out-of-bounds write in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33124 Impact A local attacker logged in as a privileged user can exploit the...

7.2CVSS6.7AI score0.00252EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•70 views

K84301413: CUPS vulnerability CVE-2017-18190

Security Advisory Description A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is...

7.5CVSS7AI score0.02979EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:4 p.m.•70 views

K61974123: ImageMagick vulnerability CVE-2016-3718

Security Advisory Description The 1 HTTP and 2 FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted image. CVE-2016-3718 Note : This vulnerability is one of the series of vulnerabilities known as...

5.5CVSS6.3AI score0.76897EPSS
Exploits4Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•70 views

K35239571: PHP vulnerability CVE-2015-3329

Security Advisory Description Multiple stack-based buffer overflows in the pharsetinode function in pharinternal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a 1 tar, 2 phar, or 3 ZIP archive...

7.5CVSS8.2AI score0.38434EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•70 views

K21418431: PHP vulnerability CVE-2020-7059

Security Advisory Description When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information...

9.1CVSS7AI score0.07116EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•70 views

K32305110: mod_session vulnerability CVE-2021-26691

Security Advisory Description In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

9.8CVSS8.6AI score0.68067EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•70 views

K78825687: Python and Jython vulnerability CVE-2014-7185

Security Advisory Description Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. CVE-2014-7185 Impact An attacker that is able to control arguments in...

6.4CVSS8AI score0.05307EPSS
Exploits1Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•70 views

K85742355: Java SE vulnerability CVE-2020-14577

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.7AI score0.03284EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•70 views

K32525759: Linux kernel vulnerability CVE-2021-3489

Security Advisory Description The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fix...

7.8CVSS7.1AI score0.0055EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•70 views

K42941419: Multiple Qt vulnerabilities

Security Advisory Description CVE-2018-15518 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in...

9.8CVSS7.4AI score0.03382EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•70 views

K31739796: Linux kernel vulnerability CVE-2019-8912

Security Advisory Description In the Linux kernel through 4.20.11, afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfssetattr. CVE-2019-8912 Impact There is no impact; F5 products are not affected by this...

7.8CVSS7.2AI score0.00651EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•70 views

K14102355: Python Pillow vulnerability CVE-2021-25289

Security Advisory Description An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-3565...

9.8CVSS7.7AI score0.02281EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•70 views

K03310902: Multiple Linux vulnerabilities CVE-2020-8647,CVE-2020-8648, CVE-2020-8649

Security Advisory Description CVE-2020-8647 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vcdoresize function in drivers/tty/vt/vt.c. CVE-2020-8648 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in...

7.1CVSS6.1AI score0.00661EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:3 p.m.•70 views

K70675920: August 2018 Intel security vulnerability announcement

Security Advisory Description On 14-Aug-2018, Intel announced the discovery of the following vulnerabilities: CVE-2018-3615 Foreshadow CVE-2018-3620 Foreshadow-NG CVE-2018-3646 Foreshadow-NG For the complete announcement from Intel, refer to the following link: Note : The following link takes you...

7.3CVSS7.1AI score0.08101EPSS
Exploits0
F5 Networks
F5 Networks
•added 2016/05/10 12:0 a.m.•70 views

SOL44611310 - MySQL vulnerability CVE-2015-0411

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.2AI score0.10038EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2016/02/29 12:0 a.m.•70 views

SOL00329831 - Multiple NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.8CVSS0.6AI score0.05935EPSS
Exploits1References9
F5 Networks
F5 Networks
•added 2015/12/04 12:0 a.m.•70 views

SOL12824341 - OpenSSL vulnerability CVE-2015-3195

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS1.8AI score0.38709EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2015/09/08 12:0 a.m.•70 views

SOL17246 - Linux kernel vulnerability CVE-2015-3636

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

4.9CVSS0.7AI score0.02472EPSS
Exploits6References4
F5 Networks
F5 Networks
•added 2015/07/14 12:0 a.m.•70 views

SOL16965 - bzip2 vulnerabilities CVE-2005-0953 and CVE-2005-1260

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

5CVSS2.7AI score0.06152EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/07/07 12:0 a.m.•70 views

SOL16863 - Apache vulnerability CVE-2013-5704

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS0.7AI score0.60205EPSS
Exploits2References3
F5 Networks
F5 Networks
•added 2014/11/25 12:0 a.m.•70 views

SOL15864 - libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

6.5CVSS1.8AI score0.03147EPSS
Exploits2References4
F5 Networks
F5 Networks
•added 2014/10/09 12:0 a.m.•70 views

SOL15679 - UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.2CVSS3.1AI score0.00587EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/05/29 12:0 a.m.•70 views

SOL15295 - OpenSSL vulnerability CVE-2014-0076

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...

1.9CVSS2AI score0.00942EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2014/02/04 12:0 a.m.•70 views

SOL14969 - BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.4CVSS2.8AI score0.00357EPSS
Exploits0References10
F5 Networks
F5 Networks
•added 2013/05/02 12:0 a.m.•70 views

SOL14382 - OpenSSH vulnerability CVE-2008-3259

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

1.2CVSS3.3AI score0.00328EPSS
Exploits0References3
Total number of security vulnerabilities5000