Lucene search
K

6396 matches found

F5 Networks
F5 Networks
added 2016/05/23 12:0 a.m.63 views

SOL35240323 - PHP Vulnerability CVE-2016-4539

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8CVSS1.7AI score0.06229EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2016/05/13 12:0 a.m.63 views

SOL10550253 - ImageMagick vulnerability CVE-2016-3715

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS2AI score0.97485EPSS
Exploits13References9
F5 Networks
F5 Networks
added 2016/04/27 12:0 a.m.63 views

SOL93532943 - SSHD session.c vulnerability CVE-2016-3115

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.4CVSS1.8AI score0.37016EPSS
Exploits13References9
F5 Networks
F5 Networks
added 2016/02/18 12:0 a.m.63 views

SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS2.5AI score0.02131EPSS
Exploits0References8
F5 Networks
F5 Networks
added 2015/11/04 12:0 a.m.63 views

SOL17543 - Linux kernel vulnerability CVE-2014-9420

Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit...

4.9CVSS0.2AI score0.00452EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/08/31 12:0 a.m.63 views

SOL17201 - Apache HTTP server vulnerability CVE-2008-0455

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

4.3CVSS0.2AI score0.6477EPSS
Exploits1References6
F5 Networks
F5 Networks
added 2015/04/02 12:0 a.m.63 views

SOL16354 - Multiple JavaSE client-side vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

10CVSS3.1AI score0.06877EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/04/02 12:0 a.m.63 views

SOL16321 - OpenSSL vulnerability CVE-2015-0293

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS0.7AI score0.21247EPSS
Exploits0References11
F5 Networks
F5 Networks
added 2014/12/11 12:0 a.m.63 views

SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS1.4AI score0.3038EPSS
Exploits5References4
F5 Networks
F5 Networks
added 2014/06/19 12:0 a.m.63 views

SOL15359 - OpenSSL vulnerability CVE-2009-1378

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5CVSS2.7AI score0.12746EPSS
Exploits12References4
F5 Networks
F5 Networks
added 2014/05/20 12:0 a.m.63 views

SOL15274 - TCP reassembly vulnerability CVE-2014-3000

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. If your LineRate...

7.8CVSS0.9AI score0.12824EPSS
Exploits0References14
F5 Networks
F5 Networks
added 2007/05/16 12:0 a.m.63 views

SOL5533 - Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969

It is possible that customers using non-default SSL options could be exposed to this vulnerability in the BIG-IP LTM Configuration utility, SSL terminating virtual servers, and bundled utilities. F5 tracked this problem as CR55070, CR55145, CR55203, CR55204, CR55283, CR55426, CR55588, and CR63465...

5CVSS2.8AI score0.04866EPSS
Exploits0
F5 Networks
F5 Networks
added 2025/02/05 2:13 p.m.62 views

K000149173: NGINX TLS session resumption vulnerability CVE-2025-23419

Security Advisory Description When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

5.3CVSS5.6AI score0.02646EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2024/09/09 10:1 p.m.62 views

K000141008: RADIUS authentication vulnerability CVE-2024-3596

Security Advisory Description RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator...

9CVSS7.2AI score0.14859EPSS
Exploits2Affected Software16
F5 Networks
F5 Networks
added 2024/02/23 12:40 a.m.62 views

K000138693: Linux kernel vulnerabilities CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208

Security Advisory Description CVE-2023-4206 A use-after-free vulnerability in the Linux kernel's net/sched: clsroute component can be exploited to achieve local privilege escalation. When route4change is called on an existing filter, the whole tcfresult struct is always copied into the new instan...

7.8CVSS7AI score0.00565EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2024/01/29 5:4 p.m.62 views

K000138392: Apache Tomcat vulnerability CVE-2024-21733

Security Advisory Description Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which...

5.3CVSS7.3AI score0.14286EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.62 views

K17246: Linux kernel vulnerability CVE-2015-3636

Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service use-after-free and system crash by...

4.9CVSS7.1AI score0.02472EPSS
Exploits6Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.62 views

K45752041: Samba vulnerability CVE-2021-44141

Security Advisory Description All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in...

4.3CVSS6.2AI score0.01097EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.62 views

K34985231: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289

Security Advisory Description CVE-2016-6288 The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type. CVE-2016-6289 Integer...

9.8CVSS9.4AI score0.05055EPSS
Exploits1Affected Software7
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.62 views

K95432245: PHP vulnerability CVE-2016-5768

Security Advisory Description Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...

9.8CVSS9.2AI score0.0963EPSS
Exploits1Affected Software21
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.62 views

K08250500: Nginx vulnerability CVE-2016-4450

Security Advisory Description os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...

7.5CVSS7.4AI score0.16376EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.62 views

K01934914: Ruby-MySQL vulnerability CVE-2021-3779

Security Advisory Description A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. CVE-2021-3779 Impact There is no impact; F5 products are...

6.5CVSS6.5AI score0.01107EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.62 views

K35253541: Java vulnerability CVE-2020-14797

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker...

4.3CVSS5.8AI score0.0217EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.62 views

K72453266: Linux kernel vulnerability CVE-2013-2164

Security Advisory Description The mmcioctlcdromreaddata function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2013-2164 Impact There is no impact; F5...

2.1CVSS6AI score0.00529EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:50 p.m.62 views

K38624343: MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780

Security Advisory Description CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...

7.7CVSS5.8AI score0.03078EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:30 p.m.62 views

K17061: Multiple PHP vulnerabilities

Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...

10CVSS8AI score0.11003EPSS
Exploits10Affected Software18
F5 Networks
F5 Networks
added 2023/02/21 7:2 p.m.62 views

K71960814: OpenSSH vulnerability CVE-2016-1908

Security Advisory Description The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by...

9.8CVSS7.8AI score0.13736EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.62 views

K28409184: Mozilla NSS vulnerability CVE-2020-12413

Security Advisory Description The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. CVE-2020-12413 Impact This can lead to an attacker being able to compute the pre-master secret i...

5.9CVSS7.5AI score0.00594EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.62 views

K35012672: PHP vulnerability CVE-2014-9705

Security Advisory Description Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...

7.5CVSS8.6AI score0.19203EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.62 views

K82508682: Linux kernel vulnerability CVE-2017-6074

Security Advisory Description The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an applicatio...

7.8CVSS6.4AI score0.0596EPSS
Exploits13Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.62 views

K61429540: Linux kernel vulnerability CVE-2017-9077

Security Advisory Description The tcpv6synrecvsock function in net/ipv6/tcpipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...

7.8CVSS6.8AI score0.00724EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.62 views

K44512851: OpenSSL vulnerability CVE-2017-3732

Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...

5.9CVSS7.2AI score0.15934EPSS
Exploits1Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.62 views

K84024430: Linux kernel vulnerability CVE-2017-7542

Security Advisory Description The ip6find1stfragopt function in net/ipv6/outputcore.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service integer overflow and infinite loop by leveraging the ability to open a raw socket. CVE-2017-7542 Impact This vulnerability allow...

5.5CVSS6.3AI score0.00454EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.62 views

K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022

Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. CVE-2021-23022 Impact This vulnerability can be exploited to allow an unprivileged user to run a specially crafted application to gain privilege escalation on th...

7.8CVSS7.8AI score0.00228EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.62 views

K11165942: Linux kernel vulnerability CVE-2018-18710

Security Advisory Description An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...

5.5CVSS6.2AI score0.00501EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.62 views

K23151384: Sudo vulnerabilities CVE-2017-1000367 and CVE-2017-1000368

Security Advisory Description CVE-2017-1000367 Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution. CVE-2017-1000368 Todd Miller's sudo version 1.8.20p1 and...

8.2CVSS7.3AI score0.08018EPSS
Exploits8
F5 Networks
F5 Networks
added 2023/02/21 6:15 p.m.62 views

K31301245: TMUI CSRF vulnerability CVE-2020-5904

Security Advisory Description A cross-site request forgery CSRF vulnerability in the Traffic Management User Interface TMUI, also referred to as the Configuration utility, exists in an undisclosed page. CVE-2020-5904 Impact An attacker may be able to use the session of an administrator user to...

8.8CVSS8.5AI score0.00557EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
added 2023/02/21 6:14 p.m.62 views

K21462542: OpenSSL vulnerability CVE-2017-3735

Security Advisory Description While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then...

5.3CVSS6.6AI score0.17699EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.62 views

K49229034: Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077

Security Advisory Description CVE-2014-9680 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as...

7.8CVSS6.8AI score0.01366EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.62 views

K45991967: PHP vulnerability CVE-2020-7060

Security Advisory Description When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may...

9.1CVSS7AI score0.08888EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 5:33 p.m.62 views

K52470083: Apache vulnerability CVE-2010-0408

Security Advisory Description The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server...

5CVSS8.1AI score0.20787EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/01 1:56 p.m.62 views

K000130496: Overview of F5 vulnerabilities (February 2023)

Security Advisory Description On February 1, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.5CVSS7.3AI score0.72646EPSS
Exploits0
F5 Networks
F5 Networks
added 2022/03/17 10:2 p.m.62 views

Intel CPU vulnerabilities CVE-2021-0107 and CVE-2021-0111

CVE-2021-0107 Unchecked return value in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0111 NULL pointer dereference in the firmware for some IntelR Processors may allow a privileged user to potentially...

6.7CVSS6.8AI score0.00299EPSS
Exploits0
F5 Networks
F5 Networks
added 2016/11/15 12:0 a.m.62 views

SOL35232053 - PHP vulnerability CVE-2016-7125

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.7AI score0.0578EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2016/09/26 12:0 a.m.62 views

SOL72255110 - MySQL vulnerability CVE-2016-6662

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10CVSS2.7AI score0.6773EPSS
Exploits16References4
F5 Networks
F5 Networks
added 2016/06/17 12:0 a.m.62 views

SOL41739114 - Linux kernel vulnerability CVE-2014-6410

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.7CVSS3.2AI score0.0051EPSS
Exploits1References12
F5 Networks
F5 Networks
added 2016/01/07 12:0 a.m.62 views

SOL75136237 - Privilege escalation vulnerability CVE-2015-7393

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.4CVSS1.8AI score0.0034EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/07/02 12:0 a.m.62 views

SOL16835 - ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

7.5CVSS1.7AI score0.2447EPSS
Exploits4References6
F5 Networks
F5 Networks
added 2015/04/22 12:0 a.m.62 views

SOL16477 - Linux kernel vulnerability CVE-2010-2524

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.8CVSS0.7AI score0.00423EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2015/04/13 12:0 a.m.62 views

SOL16429 - Linux kernel vulnerability CVE-2015-0239

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

4.4CVSS3.5AI score0.00643EPSS
Exploits1References3
Total number of security vulnerabilities5000