6361 matches found

F5 Networks
•added 2015/04/22 12:0 a.m.•63 views

SOL16471 - Linux kernel vulnerability CVE-2010-0415

Note: As of February 17, 2005, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

CVSS 4.6 | AI score 0.7 | EPSS 0.01819
Exploits: 3 | References: 12

F5 Networks
•added 2014/11/27 12:0 a.m.•63 views

SOL15868 - Multiple Wireshark vulnerabilities

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...

CVSS 7.8 | AI score 1.4 | EPSS 0.60643
Exploits: 7 | References: 9

F5 Networks
•added 2014/04/18 12:0 a.m.•63 views

SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5 | AI score 1.7 | EPSS 0.83175
Exploits: 8 | References: 5

F5 Networks
•added 2011/05/24 12:0 a.m.•63 views

SOL12853 - OpenSSL vulnerability CVE-2008-7270

F5 Product Development has determined that these specific product versions are not vulnerable to the OpenSSL session cache issue indicated by CVE-2008-7270. While these product versions may allow a client to change the ciphersuite on a subsequent connection, the system allows the client to change...

CVSS 4.3 | AI score 6.8 | EPSS 0.09497
Exploits: 0

F5 Networks
•added 2024/08/23 5:11 p.m.•62 views

K000140784: Apache HTTPD vulnerability CVE-2024-38477

Security Advisory Description null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-38477 Impact Attackers can exploit this...

CVSS 7.5 | AI score 7.9 | EPSS 0.03153
Exploits: 0 | Affected Software: 15

F5 Networks
•added 2023/02/21 8:2 p.m.•62 views

K17246: Linux kernel vulnerability CVE-2015-3636

Security Advisory Description The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by...

CVSS 4.9 | AI score 7.1 | EPSS 0.02472
Exploits: 6 | Affected Software: 23

F5 Networks
•added 2023/02/21 8:0 p.m.•62 views

K34985231: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289

Security Advisory Description CVE-2016-6288 The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. CVE-2016-6289 Integer...

CVSS 9.8 | AI score 9.4 | EPSS 0.05055
Exploits: 1 | Affected Software: 7

F5 Networks
•added 2023/02/21 7:59 p.m.•62 views

K15699: Linux kernel vulnerability CVE-2014-0131

Security Advisory Description Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-0131 Impact...

CVSS 2.9 | AI score 5.4 | EPSS 0.00675
Exploits: 2 | Affected Software: 17

F5 Networks
•added 2023/02/21 7:59 p.m.•62 views

K08250500: Nginx vulnerability CVE-2016-4450

Security Advisory Description os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...

CVSS 7.5 | AI score 7.4 | EPSS 0.16376
Exploits: 0 | Affected Software: 7

F5 Networks
•added 2023/02/21 7:58 p.m.•62 views

K89095152: PHP vulnerability CVE-2018-17082

Security Advisory Description The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in...

CVSS 6.1 | AI score 6.2 | EPSS 0.04103
Exploits: 1

F5 Networks
•added 2023/02/21 7:57 p.m.•62 views

K14335949: Intel processors vulnerability CVE-2022-24436

Security Advisory Description Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. CVE-2022-24436 (also known as Hertzbleed) Impact Successful exploitation of this vulnerabili...

CVSS 6.5 | AI score 6.8 | EPSS 0.12124
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 7:57 p.m.•62 views

K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686

Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...

CVSS 4.3 | AI score 6.7 | EPSS 0.04873
Exploits: 2 | Affected Software: 1

F5 Networks
•added 2023/02/21 7:56 p.m.•62 views

K01934914: Ruby-MySQL vulnerability CVE-2021-3779

Security Advisory Description A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. CVE-2021-3779 Impact There is no impact; F5 products are...

CVSS 6.5 | AI score 6.5 | EPSS 0.01107
Exploits: 1

F5 Networks
•added 2023/02/21 7:55 p.m.•62 views

K35253541: Java vulnerability CVE-2020-14797

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker...

CVSS 4.3 | AI score 5.8 | EPSS 0.0217
Exploits: 0 | Affected Software: 15

F5 Networks
•added 2023/02/21 7:54 p.m.•62 views

K15317908: Apache mod_cluster vulnerability CVE-2016-8612

Security Advisory Description Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. CVE-2016-8612 Impact There is no impact; F5...

CVSS 4.3 | AI score 6.2 | EPSS 0.04692
Exploits: 0

F5 Networks
•added 2023/02/21 7:54 p.m.•62 views

K72453266: Linux kernel vulnerability CVE-2013-2164

Security Advisory Description The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2013-2164 Impact There is no impact; F5...

CVSS 2.1 | AI score 6 | EPSS 0.00529
Exploits: 1

F5 Networks
•added 2023/02/21 7:50 p.m.•62 views

K38624343: MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780

Security Advisory Description CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...

CVSS 7.7 | AI score 5.8 | EPSS 0.03103
Exploits: 0

F5 Networks
•added 2023/02/21 7:49 p.m.•62 views

K10772: Linux NULL pointer dereference vulnerability - CVE-2009-2692

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 7.8 | AI score 6 | EPSS 0.14749
Exploits: 17

F5 Networks
•added 2023/02/21 7:30 p.m.•62 views

K17061: Multiple PHP vulnerabilities

Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...

CVSS 10 | AI score 8 | EPSS 0.11003
Exploits: 10 | Affected Software: 18

F5 Networks
•added 2023/02/21 6:59 p.m.•62 views

K28409184: Mozilla NSS vulnerability CVE-2020-12413

Security Advisory Description The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. CVE-2020-12413 Impact This can lead to an attacker being able to compute the pre-master secret i...

CVSS 5.9 | AI score 7.5 | EPSS 0.00594
Exploits: 0 | Affected Software: 2

F5 Networks
•added 2023/02/21 6:55 p.m.•62 views

K35012672: PHP vulnerability CVE-2014-9705

Security Advisory Description Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...

CVSS 7.5 | AI score 8.6 | EPSS 0.19332
Exploits: 1

F5 Networks
•added 2023/02/21 6:53 p.m.•62 views

K08641512: glibc vulnerability CVE-2020-27618

Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in...

CVSS 5.5 | AI score 6.3 | EPSS 0.00887
Exploits: 1 | Affected Software: 15

F5 Networks
•added 2023/02/21 6:53 p.m.•62 views

K04265252: MySQL vulnerabilities CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, and CVE-2019-2528

Security Advisory Description CVE-2019-2502 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 6.4 | AI score 5.8 | EPSS 0.03443
Exploits: 0

F5 Networks
•added 2023/02/21 6:53 p.m.•62 views

K23125024: MySQL vulnerabilities CVE-2019-2791, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, and CVE-2019-2798

Security Advisory Description CVE-2019-2791 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...

CVSS 6.5 | AI score 5 | EPSS 0.02729
Exploits: 0

F5 Networks
•added 2023/02/21 6:53 p.m.•62 views

K82508682: Linux kernel vulnerability CVE-2017-6074

Security Advisory Description The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an applicatio...

CVSS 7.8 | AI score 6.4 | EPSS 0.0596
Exploits: 13 | Affected Software: 23

F5 Networks
•added 2023/02/21 6:49 p.m.•62 views

K61429540: Linux kernel vulnerability CVE-2017-9077

Security Advisory Description The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...

CVSS 7.8 | AI score 6.8 | EPSS 0.00724
Exploits: 1 | Affected Software: 19

F5 Networks
•added 2023/02/21 6:47 p.m.•62 views

K44512851: OpenSSL vulnerability CVE-2017-3732

Security Advisory Description There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...

CVSS 5.9 | AI score 7.2 | EPSS 0.15934
Exploits: 1 | Affected Software: 10

F5 Networks
•added 2023/02/21 6:47 p.m.•62 views

K01955184: Python smtplib library vulnerability CVE-2016-0772

Security Advisory Description The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the...

CVSS 6.5 | AI score 7.3 | EPSS 0.14524
Exploits: 3

F5 Networks
•added 2023/02/21 6:47 p.m.•62 views

K03674368: Linux kernel vulnerability CVE-2021-3715

Security Advisory Description A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00353
Exploits: 2 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:46 p.m.•62 views

K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022

Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. CVE-2021-23022 Impact This vulnerability can be exploited to allow an unprivileged user to run a specially crafted application to gain privilege escalation on th...

CVSS 7.8 | AI score 7.8 | EPSS 0.00228
Exploits: 0 | Affected Software: 2

F5 Networks
•added 2023/02/21 6:45 p.m.•62 views

K29154575: ImageMagick vulnerability CVE-2016-3717

Security Advisory Description The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...

CVSS 7.1 | AI score 6.2 | EPSS 0.2044
Exploits: 4 | Affected Software: 10

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K22526232: Multiple Intel software vulnerabilities

Security Advisory Description CVE-2019-14629 INTEL-SA-00332 Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14615 INTEL-SA-00314 Insufficient control...

CVSS 7.8 | AI score 7.5 | EPSS 0.01447
Exploits: 0

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K05345625: Linux kernel vulnerability CVE-2018-10872

Security Advisory Description A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first...

CVSS 6.5 | AI score 6.2 | EPSS 0.00465
Exploits: 0

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K01311313: Linux kernel vulnerability CVE-2021-3612

Security Advisory Description An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the...

CVSS 7.8 | AI score 6.9 | EPSS 0.00693
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K11165942: Linux kernel vulnerability CVE-2018-18710

Security Advisory Description An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...

CVSS 5.5 | AI score 6.2 | EPSS 0.00501
Exploits: 0

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K14845276: OpenSSH vulnerability CVE-2016-6210

Security Advisory Description When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password. CVE-2016-6210 Impact This...

CVSS 5.9 | AI score 6.7 | EPSS 0.88944
Exploits: 12 | Affected Software: 19

F5 Networks
•added 2023/02/21 6:35 p.m.•62 views

K62178133: Linux kernel vulnerability CVE-2017-14106

Security Advisory Description The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. CVE-2017-14106 Impact ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00445
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•62 views

K82896488: Cyrus SASL vulnerability CVE-2022-24407

Security Advisory Description In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Impact Failure to properly escape SQL input allows an attacker to run arbitrary SQL commands. Security Advisory Status F...

CVSS 8.8 | AI score 8.7 | EPSS 0.04123
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:32 p.m.•62 views

K53092542: Linux kernel vulnerability CVE-2021-20226

Security Advisory Description A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations ...

CVSS 7.8 | AI score 7 | EPSS 0.0044
Exploits: 0

F5 Networks
•added 2023/02/21 6:30 p.m.•62 views

K12543: OpenSSL vulnerability CVE-2010-4180

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

CVSS 4.3 | AI score 7.2 | EPSS 0.09497
Exploits: 0

F5 Networks
•added 2023/02/21 6:29 p.m.•62 views

K15679: UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860

Security Advisory Description CVE-2014-4859 During the Driver Execution Environment (DXE) phase of the UEFI boot process, the contents of the capsule image are parsed during processing. An integer overflow vulnerability exists in the capsule processing phase that can cause the allocation of a buffer...

CVSS 7.2 | AI score 7.5 | EPSS 0.00587
Exploits: 0

F5 Networks
•added 2023/02/21 6:26 p.m.•62 views

K16898: PKCS #7 vulnerability CVE-2015-1790

Security Advisory Description The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS7 blob tha...

CVSS 5 | AI score 6.7 | EPSS 0.22899
Exploits: 0 | Affected Software: 20

F5 Networks
•added 2023/02/21 6:17 p.m.•62 views

K70517410: The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session

Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP ASM cross-site request forgery CSRF protection feature is enabled in a security policy. The CSRF token CSRT expiration time is disabled by default in the security policy. The original web serv...

AI score 6.5
Exploits: 0

F5 Networks
•added 2023/02/21 6:15 p.m.•62 views

K31301245: TMUI CSRF vulnerability CVE-2020-5904

Security Advisory Description A cross-site request forgery CSRF vulnerability in the Traffic Management User Interface TMUI, also referred to as the Configuration utility, exists in an undisclosed page. CVE-2020-5904 Impact An attacker may be able to use the session of an administrator user to...

CVSS 8.8 | AI score 8.5 | EPSS 0.00557
Exploits: 0 | Affected Software: 11

F5 Networks
•added 2023/02/21 6:14 p.m.•62 views

K21462542: OpenSSL vulnerability CVE-2017-3735

Security Advisory Description While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then...

CVSS 5.3 | AI score 6.6 | EPSS 0.17699
Exploits: 0 | Affected Software: 17

F5 Networks
•added 2023/02/21 6:7 p.m.•62 views

K36462841: Linux kernel vulnerability CVE-2018-18281

Security Advisory Description Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that...

CVSS 7.8 | AI score 6.7 | EPSS 0.01061
Exploits: 2 | Affected Software: 16

F5 Networks
•added 2022/03/17 10:2 p.m.•62 views

Intel CPU vulnerabilities CVE-2021-0107 and CVE-2021-0111

CVE-2021-0107 Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0111 NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially...

CVSS 6.7 | AI score 6.8 | EPSS 0.00299
Exploits: 0

F5 Networks
•added 2016/11/28 12:0 a.m.•62 views

SOL43167094 - Apache Struts 2 vulnerability CVE-2016-6795

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 9.8 | AI score 2.8 | EPSS 0.08438
Exploits: 0 | References: 4

F5 Networks
•added 2016/05/23 12:0 a.m.•62 views

SOL35240323 - PHP Vulnerability CVE-2016-4539

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 9.8 | AI score 1.7 | EPSS 0.06229
Exploits: 1 | References: 5

F5 Networks
•added 2016/05/13 12:0 a.m.•62 views

SOL10550253 - ImageMagick vulnerability CVE-2016-3715

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 10 | AI score 2 | EPSS 0.97485
Exploits: 13 | References: 9

Total number of security vulnerabilities: 5000