Lucene search
K

6396 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.66 views

K67352212: Apache vulnerabilities CVE-2018-1286, CVE-2018-1294, CVE-2018-1316, CVE-2018-1319, and CVE-2018-1324

Security Advisory Description CVE-2018-1286 In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. CVE-2018-1294 If a user of Commons-Email typically an application programmer...

7.5CVSS6.2AI score0.03681EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.66 views

K61363039: NTP vulnerability CVE-2019-8936

Security Advisory Description NTP through 4.2.8p12 has a NULL Pointer Dereference. CVE-2019-8936 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerabilit...

7.5CVSS6.5AI score0.05726EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:12 p.m.66 views

K16354: Multiple JavaSE client-side vulnerabilities

Security Advisory Description CVE-2014-6601 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2015-0412 Unspecified vulnerability in Oracle Java SE 6u85, 7u72,...

10CVSS6.8AI score0.06877EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.66 views

K52342540: Java SE vulnerability CVE-2017-10108

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability...

5.3CVSS6.3AI score0.03114EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
added 2023/02/21 5:37 p.m.66 views

K02201365: SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575

Security Advisory Description A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshakes. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS...

5.9CVSS7.8AI score0.0288EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2022/03/17 10:0 p.m.66 views

Intel CPU vulnerability CVE-2021-0099

Insufficient control flow management in the firmware for some IntelR Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. CVE-2021-0099 Impact An attacker may be able to exploit the Intel processor firmware to gain elevated access to...

7.8CVSS7.9AI score0.00301EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/10/19 12:0 a.m.66 views

SOL09422508 - OpenSSL vulnerabilities CVE-2016-6302, CVE-2016-6307, and CVE-2016-6308

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.6AI score0.26441EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2016/04/20 12:0 a.m.66 views

SOL04362926 - BIOS SMM privilege escalation vulnerability CVE-2015-0949

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8CVSS3AI score0.00394EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2016/01/29 12:0 a.m.66 views

SOL95345942 - Linux kernel vulnerability CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. CVE-2015-3339...

6.2CVSS5.4AI score0.00317EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/12/23 12:0 a.m.66 views

SOL52470083 - Apache vulnerability CVE-2010-0408

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5CVSS2.5AI score0.20787EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2015/08/12 12:0 a.m.66 views

SOL17121 - Linux network subsystem vulnerabilities CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-9428, CVE-2014-9644, CVE-2015-0274, and CVE-2015-2041

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.8CVSS2.1AI score0.05489EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2015/08/06 12:0 a.m.66 views

SOL17079 - Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

10CVSS2.9AI score0.25469EPSS
Exploits0References8
F5 Networks
F5 Networks
added 2015/04/15 12:0 a.m.66 views

SOL16442 - MIT Kerberos 5 vulnerability CVE-2014-9422

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

6.1CVSS2.6AI score0.02726EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/04/09 12:0 a.m.66 views

SOL16398 - Python vulnerability CVE-2006-4980

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

7.5CVSS0.7AI score0.05195EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/04/02 12:0 a.m.66 views

SOL16336 - PHP vulnerability CVE-2015-0273

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.5CVSS2.6AI score0.42911EPSS
Exploits9References4
F5 Networks
F5 Networks
added 2024/08/23 5:11 p.m.65 views

K000140784: Apache HTTPD vulnerability CVE-2024-38477

Security Advisory Description null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-38477 Impact Attackers can exploit this...

7.5CVSS7.9AI score0.03153EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
added 2024/05/07 5:58 p.m.65 views

K000139532: Node.js vulnerability CVE-2024-27983

Security Advisory Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are...

8.2CVSS7.9AI score0.87211EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
added 2024/01/02 12:56 a.m.65 views

K000138103: Oracle Java SE vulnerabilities CVE-2023-22067 and CVE-2023-22081

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable...

5.3CVSS4.8AI score0.014EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/10/10 12:0 p.m.65 views

K000137106: HTTP/2 vulnerability CVE-2023-44487

Security Advisory Description The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 also known as HTTP/2 Rapid Reset Attack Impact BIG-IP and...

7.5CVSS7.2AI score0.99999EPSS
Exploits19
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.65 views

K17118: Linux kernel vulnerability CVE-2015-2042

Security Advisory Description net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. CVE-2015-204...

4.6CVSS6.8AI score0.00449EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.65 views

K15863: Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088

Security Advisory Description CVE-2012-1173 Multiple integer overflows in tiffgetimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the 1 gtTileSeparate or 2 gtStripSeparate function, leading to a...

7.5CVSS9.3AI score0.06918EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.65 views

K29103455: QEMU 3.0.0 vulnerability CVE-2019-9824

Security Advisory Description tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVE-2019-9824 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

5.5CVSS6.3AI score0.00515EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.65 views

K95204515: Intel CPU vulnerability CVE-2022-21151

Security Advisory Description Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21151 Impact This vulnerability may allow an authenticated user...

5.5CVSS5.6AI score0.00347EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.65 views

K82641075: PHP vulnerability CVE-2018-10545

Security Advisory Description An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser...

4.7CVSS6.1AI score0.00831EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.65 views

K43024307: BIG-IP iRules vulnerability CVE-2022-41624

Security Advisory Description When a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-41624 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart or...

7.5CVSS7.5AI score0.00616EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.65 views

K29146534: SSB Variant 4 vulnerability CVE-2018-3639

Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

5.5CVSS6.8AI score0.60631EPSS
Exploits2Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 7:48 p.m.65 views

K14673240: Linux kernel vulnerability CVE-2018-20856

Security Advisory Description An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an blkdrainqueue use-after-free because a certain error case is mishandled. CVE-2018-20856 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

7.8CVSS6.8AI score0.00707EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:42 p.m.65 views

K14446: OpenSSH vulnerability CVE-2012-0814

Security Advisory Description The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options. CVE-2012-0814 Impact This vulnerability may allow remotely-authenticated users to obtain potentially sensitive information...

6.5CVSS6.6AI score0.03672EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:27 p.m.65 views

K62442245: Kernel vulnerability CVE-2016-6828

Security Advisory Description The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service tcpxmitretransmitqueue use-after-free and system crash vi...

5.5CVSS6AI score0.01181EPSS
Exploits5Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.65 views

K8171: Linux kernel IA32 System Call vulnerability - CVE-2007-4573

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.2CVSS6AI score0.0082EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.65 views

K52102651: Linux Kernel vulnerability CVE-2021-23134

Security Advisory Description Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAPNETRAW capability. CVE-2021-23134 Impac...

7.8CVSS6.3AI score0.00343EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.65 views

K44415301: Apache Tomcat vulnerability CVE-2020-17527

Security Advisory Description While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the...

7.5CVSS7.5AI score0.24622EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.65 views

K51011533: Expat XML parser vulnerability CVE-2018-20843

Security Advisory Description In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks. CVE-2018-20843 Impact...

7.8CVSS6.8AI score0.07107EPSS
Exploits1Affected Software15
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.65 views

K52308021: GNU C Library (glibc) vulnerabilities CVE-2022-23218 and CVE-2022-23219

Security Advisory Description CVE-2022-23218 The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a...

9.8CVSS8.6AI score0.04729EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.65 views

K97810133: BIND vulnerability CVE-2020-8616

Security Advisory Description A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an...

8.6CVSS6.4AI score0.10593EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.65 views

K43040412: Linux kernel vulnerability CVE-2021-41073

Security Advisory Description looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation. CVE-2021-41073 Impact There is no...

7.8CVSS6.5AI score0.01719EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.65 views

K31878120: libwebp vulnerabilities CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 CVE-2018-25014

Security Advisory Description A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2018-25011 A flaw was found in libwebp in...

9.8CVSS7.9AI score0.02662EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.65 views

K35543324: OpenSSL vulnerability CVE-2016-6303

Security Advisory Description Integer overflow in the MDC2Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors. CVE-2016-6303...

9.8CVSS8.6AI score0.31985EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.65 views

K43741620: OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735

Security Advisory Description CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j...

5.9CVSS6.2AI score0.12154EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.65 views

K28056114: Linux kernel vulnerability CVE-2016-5829

Security Advisory Description Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted 1 HIDIOCGUSAGES or 2...

7.8CVSS6.8AI score0.00458EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
added 2023/02/21 6:31 p.m.65 views

K03861222: ExtJS vulnerability CVE-2007-2285

Security Advisory Description Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 Ext JS allows remote attackers to read arbitrary files via a .. dot dot in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might ...

7.8CVSS6.9AI score0.11771EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 5:38 p.m.65 views

K15364328: Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153

Security Advisory Description CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

5.8CVSS6AI score0.09254EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/07/13 12:0 a.m.65 views

SOL08440897 - Linux kernel vulnerability CVE-2016-0774

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.8CVSS2.7AI score0.00337EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2016/06/10 12:0 a.m.65 views

SOL54924436 - PHP vulnerability CVE-2015-8865

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.1AI score0.04985EPSS
Exploits1References9
F5 Networks
F5 Networks
added 2016/06/09 12:0 a.m.65 views

SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS2.7AI score0.07188EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2016/05/31 12:0 a.m.65 views

SOL34958244 - PHP vulnerability CVE-2016-3074

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8CVSS0.8AI score0.36974EPSS
Exploits8References3
F5 Networks
F5 Networks
added 2016/02/08 12:0 a.m.65 views

SOL03202240 - FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898

CVE-2016-1897 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. CVE-2016-1898: FFmpe...

5.5CVSS4.3AI score0.14621EPSS
Exploits3References3
F5 Networks
F5 Networks
added 2015/11/02 12:0 a.m.65 views

SOL17530 - NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.2AI score0.07336EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/08/13 12:0 a.m.65 views

SOL17120 - Linux kernel vulnerability CVE-2014-8134

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

3.3CVSS0.7AI score0.00703EPSS
Exploits1References12
F5 Networks
F5 Networks
added 2014/12/15 12:0 a.m.65 views

SOL15910 - Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.8CVSS1.2AI score0.08579EPSS
Exploits2References5
Total number of security vulnerabilities5000