Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2006/10/19 12:0 a.m.•53 views

SOL6634 - pam_ldap vulnerability - CVE-2005-2641

This security advisory describes a pamldap vulnerability. Clients who are referred to a different server than the server on which they were originally authenticated, with a different TLS encryption requirement, could possibly bypass the new server's TLS requirements. Information about this adviso...

7.5CVSS0.9AI score0.03645EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/04 4:2 p.m.•52 views

K000161577: Linux kernel vulnerability CVE-2025-39817

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190...

7.1CVSS6.4AI score0.00152EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2024/10/25 12:0 a.m.•52 views

K000148250: PostgreSQL vulnerabilities CVE-2016-0766, CVE-2015-3167, CVE-2015-0243, CVE-2015-0242, and CVE-2015-0241

Security Advisory Description CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via...

9CVSS8.5AI score0.05533EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/08/13 3:29 p.m.•52 views

K000140693: Apache HTTP server vulnerability CVE-2024-39573

Security Advisory Description Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-39573...

7.5CVSS6.6AI score0.35447EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2024/08/06 4:18 p.m.•52 views

K000140602: BIND vulnerability CVE-2024-4076

Security Advisory Description Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1...

7.5CVSS8AI score0.02111EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/27 10:14 a.m.•52 views

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

8.8CVSS9AI score0.29179EPSS
Exploits3
F5 Networks
F5 Networks
•added 2024/05/14 10:29 p.m.•52 views

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

6.5CVSS7.2AI score0.01155EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/04/30 5:7 p.m.•52 views

K000139430: Linux kernel vulnerability CVE-2024-1086

Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can...

7.8CVSS7.1AI score0.28058EPSS
Exploits16Affected Software2
F5 Networks
F5 Networks
•added 2024/02/15 4:39 p.m.•52 views

K000138628: python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752

Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...

5.7CVSS7.1AI score0.01687EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/03/13 7:33 p.m.•52 views

K000132941: OpenSSL vulnerability CVE-2023-0286

Security Advisory Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as...

7.4CVSS7.7AI score0.59501EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/28 4:16 p.m.•52 views

K000132686: TLS Triple Handshake Attack vulnerability

Security Advisory Description The original TLS protocol includes a weakness in master secret negotiation, potentially allowing the Triple Handshake Attack that is mitigated by the Extended Master Secret EMS extension defined in RFC 7627. Impact This vulnerability may allow an unauthenticated...

5.5AI score
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•53 views

K69334442: Intel Processors RRSBA advisory CVE-2022-28693

Security Advisory Description Unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-28693 Impact There is no impact; F5 products are not affected by this...

4.7CVSS5.1AI score0.00171EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•52 views

K02500249: Linux kernel vulnerability CVE-2013-1059

Security Advisory Description net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...

7.8CVSS7AI score0.04546EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•52 views

K49116387: BIND vulnerabilities CVE-2017-3140 and CVE-2017-3141

Security Advisory Description CVE-2017-3140 If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1. An error...

7.8CVSS6.3AI score0.1213EPSS
Exploits5
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•52 views

K76444020: OpenJDK vulnerabilities CVE-2019-2933 and CVE-2019-2958

Security Advisory Description CVE-2019-2933 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows...

5.9CVSS5.1AI score0.02638EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•52 views

K11435435: PHP vulnerability CVE-2020-7070

Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thu...

5.3CVSS6.5AI score0.05029EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K15883: Net-SNMP vulnerability CVE-2012-2141

Security Advisory Description Array index error in the handlensExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service out-of-bounds read and snmpd crash via an SNMP GET request for an entry not in the extension...

3.5CVSS8.6AI score0.02167EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K15725: Multiple 5.5.x and 5.6.x MySQL vulnerabilities

Security Advisory Description CVE-2014-6507 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. CVE-2014-6491 Unspecified...

7.5CVSS6.8AI score0.14784EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•52 views

K93683207: Apache vulnerability CVE-2018-1333

Security Advisory Description By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.18-2.4.30,2.4.33. CVE-2018-1333 Impact There is no impact; F5...

7.5CVSS6.4AI score0.17103EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•52 views

K15189: Apache Commons FileUpload vulnerability CVE-2014-0050

Security Advisory Description MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's...

7.5CVSS7.3AI score0.83175EPSS
Exploits8Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•52 views

K23630542: MySQL vulnerabilities CVE-2017-3636, CVE-2018-3081, CVE-2018-3174, CVE-2021-2144, and CVE-2020-2812

Security Advisory Description CVE-2017-3636 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to...

7.2CVSS5.9AI score0.02981EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•52 views

K21121402: PHP vulnerability CVE-2020-7062

Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would...

7.5CVSS7.4AI score0.03598EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•52 views

K52325031: Linux kernel vulnerabilities CVE-2019-16231 and CVE-2019-16233

Security Advisory Description CVE-2019-16231 drivers/net/fjes/fjesmain.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference. CVE-2019-16233 drivers/scsi/qla2xxx/qlaos.c in the Linux kernel 5.2.14 does not check the allocworkqueue retur...

4.7CVSS6.1AI score0.00422EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:54 p.m.•52 views

K64721111: vCMP vulnerability CVE-2018-5531

Security Advisory Description Through undisclosed methods, adjacent network attackers can cause a denial of service for vCMP guest and host systems. Attacks must be sourced from an adjacent network Layer 2. CVE-2018-5531 Impact BIG-IP An attacker from an adjacent network may be able to cause a...

7.4CVSS7.6AI score0.00507EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:51 p.m.•52 views

K13597: OpenSSL vulnerability CVE-2012-1165

Security Advisory Description The mimeparamcmp function in crypto/asn1/asnmime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service NULL pointer dereference and application crash using a crafted S/MIME message; a different vulnerability than...

5CVSS8.4AI score0.06989EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:50 p.m.•52 views

K14433: PHP SOAP vulnerability CVE-2013-1643

Security Advisory Description PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object...

5CVSS9.5AI score0.10136EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:42 p.m.•52 views

K14909: OpenSSL vulnerability CVE-2013-4248

Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

4.3CVSS7.5AI score0.03588EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•52 views

K15432: Apache Tomcat vulnerability CVE-2014-0099

Security Advisory Description Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Lengt...

4.3CVSS6.8AI score0.08838EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•52 views

K62012529: BIND vulnerability CVE-2016-1286

Security Advisory Description named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 Impact An attacke...

8.6CVSS7.1AI score0.621EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•52 views

K15900: Apache HTTP server vulnerability CVE-2012-3499

Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modlda...

4.3CVSS7.7AI score0.22913EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•52 views

K16442: MIT Kerberos 5 vulnerability CVE-2014-9422

Security Advisory Description The checkrpcsecauth function in kadmin/server/kadmrpcsvc.c in kadmind in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/ authorization check and obtain administrative access...

6.1CVSS8AI score0.02726EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:2 p.m.•52 views

K01128223: PHP vulnerability CVE-2020-7061

Security Advisory Description In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or...

9.1CVSS7.9AI score0.04075EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:1 p.m.•52 views

K40317110: MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384

Security Advisory Description CVE-2017-10320 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.5CVSS6.4AI score0.03237EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•52 views

K85307687: cURL and libcurl vulnerabilities CVE-2014-3613, CVE-2014-3707, and CVE-2014-8150

Security Advisory Description CVE-2014-3613 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site...

5CVSS8.4AI score0.07432EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•52 views

K15101402: iControl REST vulnerability CVE-2022-1468

Security Advisory Description An authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. CVE-2022-1468 Impact Processing delays to iControl REST requests can occur until the iControl REST daemon is either...

4.3CVSS4.8AI score0.00795EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•52 views

K05940857: Apache Tomcat vulnerabilities CVE-2017-5650 and CVE-2017-5651

Security Advisory Description CVE-2017-5650 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to...

9.8CVSS8.5AI score0.08275EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•52 views

K41523201: cURL vulnerability CVE-2019-5482

Security Advisory Description Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVE-2019-5482 Impact An attacker could cause a denial of service DoS or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transport Protocol TFTP server and...

9.8CVSS7.5AI score0.17939EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•52 views

K02354867: Kernel vulnerability CVE-2020-10711

Security Advisory Description A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the'...

5.9CVSS6.1AI score0.03097EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•52 views

K12132951: Linux kernel vulnerability CVE-2022-0812

Security Advisory Description An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. CVE-2022-0812 Impact There is no impact; F5 products are not affected by...

4.3CVSS6.1AI score0.01097EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•52 views

K35263486: libarchive vulnerability CVE-2016-8688

Security Advisory Description The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...

5.5CVSS6.3AI score0.0198EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K60350722: Java SE Embedded vulnerability CVE-2018-2814

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker...

8.3CVSS5.8AI score0.03746EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K54747614: Java SE and JRockit vulnerability CVE-2017-10243

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...

6.5CVSS6.2AI score0.02862EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K77384526: tcpdump vulnerabilities CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, and CVE-2016-7927

Security Advisory Description CVE-2016-7922 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ahprint. CVE-2016-7923 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arpprint. CVE-2016-7924 The ATM parser in tcpdump before 4.9.0 has a buffer...

9.8CVSS8.7AI score0.03464EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K04311751: Tcpdump vulnerability CVE-2018-19519

Security Advisory Description In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

5.5CVSS5.8AI score0.02364EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

Security Advisory Description CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323 An issue was...

8.8CVSS7.1AI score0.03372EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K19240391: Apache Tomcat vulnerability CVE-2020-11996

Security Advisory Description A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections,...

7.5CVSS8.5AI score0.26699EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•52 views

K43223005: PHP vulnerability CVE-2018-5711

Security Advisory Description gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the...

5.5CVSS6.4AI score0.13204EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•52 views

K04107324: Linux kernel vulnerability CVE-2019-3900

Security Advisory Description An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote on...

7.7CVSS6.7AI score0.04425EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•52 views

K70023694: Linux kernel vulnerability CVE-2021-4154

Security Advisory Description A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container...

8.8CVSS6.2AI score0.01206EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•52 views

K84940705: cURL and libcurl vulnerability CVE-2016-8623

Security Advisory Description A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. CVE-2016-8623 Impact A use-after-free can occur with shared cookies, allowing a user or process...

7.5CVSS7AI score0.02602EPSS
Exploits0Affected Software24
Total number of security vulnerabilities5000