Lucene search
K

6401 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•57 views

K39712275: PHP vulnerability CVE-2016-7414

Security Advisory Description The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressedfilesize field is large enough, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified...

9.8CVSS9AI score0.06842EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•57 views

K16475: Multiple Sun Java vulnerabilities

Security Advisory Description CVE-2007-3655 Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. CVE-2007-3716 The Java XML...

10CVSS10AI score0.16899EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•57 views

K81211720: Linux kernel vulnerability CVE-2017-6214

Security Advisory Description The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via vectors involving a TCP packet with the URG flag. CVE-2017-6214 Impact An attacker, using a specially...

7.5CVSS6.9AI score0.04666EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•57 views

K01106224: Java SE vulnerability CVE-2019-2964

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker...

4.3CVSS4.9AI score0.03533EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•57 views

K26346590: GNU C Library vulnerabilities CVE-2019-9192 and CVE-2018-20796

Security Advisory Description CVE-2019-9192 DISPUTED In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that...

7.5CVSS7.4AI score0.05804EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•57 views

K87046687: VMware Tools vulnerability CVE-2022-31676

Security Advisory Description VMware Tools 12.0.0, 11.x.y and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. CVE-2022-31676 Impact A local,...

7.8CVSS7.1AI score0.0054EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•57 views

K91125274: RubyGems vulnerability CVE-2017-0903

Security Advisory Description RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code...

9.8CVSS8.8AI score0.15853EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•57 views

K21054458: Eclipse Jetty vulnerability CVE-2017-7656

Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9...

7.5CVSS7.1AI score0.06239EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•57 views

K01249564: Linux kernel vulnerability CVE-2020-27786

Security Advisory Description A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes t...

7.8CVSS6.6AI score0.01672EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•57 views

K11307303: OpenSSL vulnerability CVE-2016-8610

Security Advisory Description A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an...

7.5CVSS7.4AI score0.39657EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•57 views

K21430012: Linux kernel vulnerability CVE-2018-16884

Security Advisory Description A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host...

8CVSS6.8AI score0.01455EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:45 p.m.•57 views

K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136

Security Advisory Description CVE-2022-21131 Improper access control for some IntelR XeonR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21136 Improper input validation for some IntelR XeonR Processors may allow a privileged use...

5.5CVSS4.9AI score0.00288EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•57 views

K32469285: Apache Tomcat vulnerability CVE-2021-33037

Security Advisory Description Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat...

5.3CVSS7.9AI score0.75353EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•57 views

K83271321: procps-ng vulnerability CVE-2018-1126

Security Advisory Description procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. CVE-2018-1126 Impact A local attacker may be able cause an integer overflow that negatively...

9.8CVSS7.6AI score0.01993EPSS
Exploits5Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•57 views

K45501314: Linux kernel vulnerability CVE-2019-20636

Security Advisory Description In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka CID-cb222aed03d7. CVE-2019-20636 Impact A local user with root access can insert garbage to this keycode table that...

7.2CVSS6.5AI score0.00384EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•57 views

K01176681: Intel(R) Kernelflinger vulnerability CVE-2021-33137

Security Advisory Description Out-of-bounds write in the IntelR Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2021-33137 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

7.8CVSS7.7AI score0.00241EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•57 views

K41877405: BIG-IP TMUI vulnerability CVE-2022-27659

Security Advisory Description An authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface TMUI. CVE-2022-27659 Impact This vulnerability may allow an authenticated attacker with network access to the TMUI, also referred to as th...

4.3CVSS4.5AI score0.00452EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•57 views

K13213573: Linux kernel vulnerability CVE-2012-6701

Security Advisory Description Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. CVE-2012-6701 Impact This vulnerability allows for a disruption of service. Security Advisor...

7.8CVSS8.1AI score0.00354EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•57 views

K03202240: FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898

Security Advisory Description CVE-2016-1897 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a...

5.5CVSS5.7AI score0.14621EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•57 views

K03007515: Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283

Security Advisory Description CVE-2018-7755 An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl an...

6.8CVSS6.3AI score0.00734EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:19 p.m.•57 views

K17236: Apache HTTP server vulnerability CVE-2015-3185

Security Advisory Description The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass...

4.3CVSS6.4AI score0.18795EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:19 p.m.•57 views

K16826: PHP vulnerability CVE-2015-4024

Security Advisory Description Algorithmic complexity vulnerability in the multipartbufferheaders function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service CPU consumption via crafted form data that triggers an...

5CVSS8.6AI score0.50129EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:12 p.m.•57 views

K17132: Linux kernel vulnerability CVE-2014-8133

Security Advisory Description arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a craft...

2.1CVSS5.8AI score0.00583EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 5:33 p.m.•57 views

K34250741: BIND vulnerability CVE-2015-8000

Security Advisory Description db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute. CVE-2015-8000 Impact An attack may cause a denial-of-service DoS ...

5CVSS7.1AI score0.5469EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 4:17 p.m.•57 views

K15638: Python vulnerability CVE-2013-4238

Security Advisory Description The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL server...

4.3CVSS7.8AI score0.05347EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/01/03 5:34 p.m.•58 views

K83430580: SAMBA vulnerability CVE-2022-42898

Security Advisory Description PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow,...

8.8CVSS7.1AI score0.06419EPSS
Exploits1
F5 Networks
F5 Networks
•added 2016/11/21 12:0 a.m.•57 views

SOL24311131 - MySQL vulnerability CVE-2016-3492

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.8CVSS2.7AI score0.06499EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/11/07 12:0 a.m.•57 views

SOL02254805 - InfiniBand vulnerability in the Linux Kernel CVE-2016-4565

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.8CVSS2.6AI score0.00483EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/10/10 12:0 a.m.•57 views

SOL42219132 - OpenSSL vulnerability CVE-2016-6309

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10CVSS2.7AI score0.70223EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/05/25 12:0 a.m.•57 views

SOL68942513 - Java vulnerability CVE-2013-5780

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.3CVSS1.9AI score0.03433EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2016/05/10 12:0 a.m.•57 views

SOL35358312 - TCP vulnerability CVE-2015-8099

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.5AI score0.01998EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/02/16 12:0 a.m.•57 views

SOL47098834 - glibc vulnerability CVE-2015-7547

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.1CVSS2.9AI score0.89557EPSS
Exploits17References7
F5 Networks
F5 Networks
•added 2015/12/15 12:0 a.m.•57 views

SOL59010802 - Multiple MySQL vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.2CVSS2.1AI score0.30146EPSS
Exploits6References4
F5 Networks
F5 Networks
•added 2015/11/20 12:0 a.m.•57 views

SOL93203055 - Java vulnerability CVE-2015-4872

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS1.1AI score0.03703EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/09/25 12:0 a.m.•57 views

SOL17321 - Linux kernel UDF vulnerability CVE-2015-4167

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

4.7CVSS0.1AI score0.00434EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2015/09/03 12:0 a.m.•57 views

SOL17227 - BIND vulnerability CVE-2015-5986

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.1CVSS1.8AI score0.26071EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/07/10 12:0 a.m.•57 views

SOL16950 - SQLite vulnerability CVE-2015-3416

Although the software of the affected F5 products contain the vulnerable code, the affected F5 products do not use the vulnerable code in a way which exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit...

7.5CVSS0.3AI score0.05531EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/04/24 12:0 a.m.•57 views

SOL16489 - Multiple Linux Kernel security vulnerabilities CVE-2010-3848, CVE-2010-3849, and CVE-2010-3850

Note: As of February 17, 2005, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.9CVSS0.2AI score0.00801EPSS
Exploits11References13
F5 Networks
F5 Networks
•added 2015/04/02 12:0 a.m.•57 views

SOL16352 - Multiple OpenJDK vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

10CVSS3.2AI score0.67234EPSS
Exploits5References3
F5 Networks
F5 Networks
•added 2014/10/27 12:0 a.m.•57 views

SOL15748 - BIND vulnerability CVE-2010-0290

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custo...

4CVSS3.5AI score0.07952EPSS
Exploits1References8
F5 Networks
F5 Networks
•added 2014/10/27 12:0 a.m.•57 views

SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5.8CVSS2.1AI score0.09254EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/10/09 12:0 a.m.•57 views

SOL15683 - Ruby vulnerability CVE-2013-4073

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.8CVSS2.7AI score0.05741EPSS
Exploits4References4
F5 Networks
F5 Networks
•added 2014/10/09 12:0 a.m.•57 views

SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5.1CVSS2.7AI score0.04506EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/09/04 12:0 a.m.•57 views

SOL15561 - Kerberos vulnerability CVE-2014-4344

Vulnerability Recommended Actions You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the above tables. If the Versions known to be not vulnerable column does not list a version that is higher than the version you are running, then...

7.8CVSS1.4AI score0.06614EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/06/02 12:0 a.m.•57 views

SOL15304 - Linux kernel tcp_rcv_state_process vulnerability CVE-2012-6638

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. F5 recommends that...

7.8CVSS1.3AI score0.03336EPSS
Exploits1References7
F5 Networks
F5 Networks
•added 2013/08/15 12:0 a.m.•57 views

SOL14601 - BIND vulnerability CVE-2012-5689

Vulnerability Recommended Actions If using DNS64 and RPZs together, you can mitigate this vulnerability by verifying that the RPZ contains an AAAA rewrite rule for every A rewrite rule in the zone. If the RPZ provides an AAAA answer without the assistance of DNS64, the vulnerability is not...

7.1CVSS0.9AI score0.12036EPSS
Exploits1References6
F5 Networks
F5 Networks
•added 2012/11/02 12:0 a.m.•57 views

SOL13993 - Cross-site URL redirection attack vulnerability CVE-2009-4017

Vulnerability Recommended Actions Upgrade FirePass to the latest hotfix. Acknowledgements F5 would like to acknowledge Aung Khant of YGN Ethical Hacker Group, Myanmar for bringing this issue to our attention, and for following the highest standards of responsible disclosure. Supplemental...

5CVSS0.6AI score0.12041EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2009/10/27 12:0 a.m.•57 views

SOL3631 - Stack-based buffer overflow in Apache - CAN-2004-0488

Vulnerability description and product information: Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code by way of a client certificate with a long...

7.5CVSS1.7AI score0.37681EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/08/14 10:2 p.m.•56 views

K000140711: Python urllib3 vulnerability CVE-2024-37891

Security Advisory Description urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy suppor...

6.5CVSS8.2AI score0.01141EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
•added 2023/11/14 11:42 p.m.•56 views

K000137584: Linux kernel vulnerability CVE-2023-1829

Security Advisory Description A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function which does not properly deactivate filters in case of a perfect hashes while deleting the...

7.8CVSS7.1AI score0.01037EPSS
Exploits1Affected Software1
Total number of security vulnerabilities5000