F5 - Page 33 of F5 Most Viewed Vulnerabilities List

7.5CVSS7.8AI score0.05289EPSS

K27053426: Spring data XML vulnerability CVE-2018-1259

Security Advisory Description Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library...

6.5CVSS6.3AI score0.00613EPSS

K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947

Security Advisory Description A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface TMUI that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operatio...

Exploits0Affected Software1

7.5CVSS6.4AI score0.1014EPSS

K92665308: Apache Tomcat vulnerabilities CVE-2017-7674 and CVE-2017-7675

Security Advisory Description CVE-2017-7674 The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache...

5.9CVSS7AI score0.07201EPSS

K42910051: OpenSSL vulnerability CVE-2020-1971

Security Advisory Description The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not...

Exploits3Affected Software18

7.8CVSS6.5AI score0.00564EPSS

K98155950: Linux kernel vulnerability CVE-2018-19824

Security Advisory Description In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c. CVE-2018-19824 Impact There is no impact; F5...

7.5CVSS7.8AI score0.11296EPSS

K96223611: BIND vulnerability CVE-2021-25215

Security Advisory Description In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named...

Exploits0Affected Software14

9.8CVSS9AI score0.06898EPSS

K39712275: PHP vulnerability CVE-2016-7414

Security Advisory Description The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressedfilesize field is large enough, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified...

9.8CVSS7.8AI score0.7444EPSS

K62789814: Quagga bgpd vulnerabilities CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, and CVE-2018-5381

Security Advisory Description CVE-2018-5378 The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

F5 Networks•added 2023/02/21 6:49 p.m.•54 views

K81211720: Linux kernel vulnerability CVE-2017-6214

Security Advisory Description The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via vectors involving a TCP packet with the URG flag. CVE-2017-6214 Impact An attacker, using a specially...

7.5CVSS6.9AI score0.04666EPSS

Exploits0Affected Software23

F5 Networks•added 2023/02/21 6:49 p.m.•54 views

K26346590: GNU C Library vulnerabilities CVE-2019-9192 and CVE-2018-20796

Security Advisory Description CVE-2019-9192 DISPUTED In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\\1\\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that...

7.5CVSS7.4AI score0.05804EPSS

Exploits2

F5 Networks•added 2023/02/21 6:48 p.m.•54 views

K17321: Linux kernel UDF vulnerability CVE-2015-4167

Security Advisory Description The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service incorrect data representation or integer overflow, and OOPS via a crafted UDF filesystem...

4.7CVSS6.4AI score0.00434EPSS

Exploits0Affected Software5

F5 Networks•added 2023/02/21 6:48 p.m.•54 views

K21054458: Eclipse Jetty vulnerability CVE-2017-7656

Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9...

7.5CVSS7.1AI score0.06411EPSS

Exploits0Affected Software14

7.8CVSS6.6AI score0.01659EPSS

K01249564: Linux kernel vulnerability CVE-2020-27786

Security Advisory Description A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes t...

Exploits2

7.5CVSS7.4AI score0.39657EPSS

K11307303: OpenSSL vulnerability CVE-2016-8610

Security Advisory Description A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an...

Exploits1Affected Software1

7.5CVSS7.8AI score0.54164EPSS

K07944249: Node.js vulnerability CVE-2020-8277

Security Advisory Description A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is...

Exploits0Affected Software15

7.5CVSS7.6AI score0.01285EPSS

K01369521: bind vulnerability CVE-2022-0667

Security Advisory Description When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 CVE-2022-0667 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...

F5 Networks•added 2023/02/21 6:46 p.m.•54 views

K03451253: Java vulnerabilities CVE-2018-3150, CVE-2018-3157, and CVE-2018-13785

Security Advisory Description CVE-2018-3150 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Utility. The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

6.5CVSS4.3AI score0.0447EPSS

F5 Networks•added 2023/02/21 6:46 p.m.•54 views

K91040959: Polkit vulnerabilities CVE-2018-1116 and CVE-2018-19788

Security Advisory Description CVE-2018-1116 A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users...

9CVSS7AI score0.11483EPSS

F5 Networks•added 2023/02/21 6:35 p.m.•54 views

K32469285: Apache Tomcat vulnerability CVE-2021-33037

Security Advisory Description Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat...

5.3CVSS7.9AI score0.75353EPSS

Exploits1Affected Software1

F5 Networks•added 2023/02/21 6:35 p.m.•54 views

K83271321: procps-ng vulnerability CVE-2018-1126

Security Advisory Description procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. CVE-2018-1126 Impact A local attacker may be able cause an integer overflow that negatively...

9.8CVSS7.6AI score0.01993EPSS

Exploits5Affected Software16

7.2CVSS6.5AI score0.00384EPSS

K45501314: Linux kernel vulnerability CVE-2019-20636

Security Advisory Description In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by inputsetkeycode, aka CID-cb222aed03d7. CVE-2019-20636 Impact A local user with root access can insert garbage to this keycode table that...

Exploits0Affected Software1

7.8CVSS6.8AI score0.11127EPSS

K38472857: Kernel vulnerability CVE-2016-8655

Security Advisory Description Race condition in net/packet/afpacket.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service use-after-free by leveraging the CAPNETRAW capability to change a socket version, related to the packetsetring and...

Exploits16

8.6CVSS9.4AI score0.0464EPSS

K51390683: PHP vulnerabilities CVE-2016-5094 and CVE-2016-5095

Security Advisory Description CVE-2016-5094 Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from...

Exploits0Affected Software18

4.3CVSS4.5AI score0.00443EPSS

K41877405: BIG-IP TMUI vulnerability CVE-2022-27659

Security Advisory Description An authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface TMUI. CVE-2022-27659 Impact This vulnerability may allow an authenticated attacker with network access to the TMUI, also referred to as th...

Exploits0Affected Software13

7.5CVSS6.2AI score0.1167EPSS

K55248799: phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427

Security Advisory Description CVE-2005-2654 phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disableanonbind is set, via an HTTP request to login.php with the anonymousbind parameter set. CVE-2005-2792 Directory traversal vulnerability in...

Exploits4

7.8CVSS7.9AI score0.00693EPSS

K73644551: Apache Tomcat vulnerability CVE-2016-6325

Security Advisory Description The Tomcat package on Red Hat Enterprise Linux RHEL 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for 1 /etc/sysconfig/tomcat and 2 /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat...

7.2CVSS6.6AI score0.13335EPSS

K76314525: Samba vulnerabilities CVE-2015-5252 and CVE-2015-5299

Security Advisory Description CVE-2015-5252 vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points...

Exploits1Affected Software1

7.8CVSS6AI score0.04433EPSS

K43378049: Linux kernel vulnerability CVE-2019-19074

Security Advisory Description A memory leak in the ath9kwmicmd function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption, aka CID-728c1e2a05e4. CVE-2019-19074 Impact There is no impact; F5 products are not...

F5 Networks•added 2023/02/21 6:32 p.m.•54 views

K93419216: Multiple MySQL vulnerabilities CVE-2022-21534, CVE-2022-21535, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539

Security Advisory Description CVE-2022-21534 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5CVSS5AI score0.01411EPSS

F5 Networks•added 2023/02/21 6:26 p.m.•54 views

K16879: Apache Portable Runtime vulnerability CVE-2011-1928

Security Advisory Description Description The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of...

8AI score

F5 Networks•added 2023/02/21 6:19 p.m.•54 views

K50118123: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483

Security Advisory Description CVE-2016-0466 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP...

10CVSS6.8AI score0.14714EPSS

Exploits0Affected Software22

F5 Networks•added 2023/02/21 6:18 p.m.•54 views

K11353642: Linux kernel vulnerability CVE-2013-2596

Security Advisory Description Integer overflow in the fbmmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and...

7.8CVSS6.2AI score0.03373EPSS

F5 Networks•added 2023/02/21 6:8 p.m.•54 views

K14371: Apache Axis vulnerability CVE-2012-5784

Security Advisory Description Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the...

5.8CVSS7.5AI score0.05722EPSS