Lucene search
K

6413 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.52 views

K57397944: Linux kernel vulnerability CVE-2019-19807

Security Advisory Description In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to sndtimeropen and sndtimercloselocked. The timeri variable was originally intended to be for a newly created timer...

7.8CVSS6.4AI score0.00551EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.52 views

K23413369: Python-Pillow vulnerabilities CVE-2022-22816, CVE-2022-22817

Security Advisory Description pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. CVE-2022-22816 PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda...

9.8CVSS6.8AI score0.03399EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.52 views

K55051330: Intel BIOS vulnerability CVE-2021-33123

Security Advisory Description Improper access control in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33123 Impact A local attacker logged in as a privileged user can exploit the...

7.8CVSS7.5AI score0.00253EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.52 views

K11155549: IPSEC vulnerability CVE-2019-14899

Security Advisory Description A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine...

7.4CVSS7.5AI score0.00838EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.52 views

K63712424: PHP vulnerability CVE-2015-8935

Security Advisory Description The sapiheaderop function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting XSS attacks against...

6.1CVSS6.9AI score0.02959EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.52 views

K51931024: Linux kernel vulnerability CVE-2017-1000364

Security Advisory Description An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over the stack guard page is bypassed, this affects Linux Kernel versions 4.11.5 and earlier the stackguard page was...

7.4CVSS7.5AI score0.05186EPSS
Exploits3Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.52 views

K42355373: Linux NFS kernel vulnerablity CVE-2020-25212

Security Advisory Description A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452...

7CVSS6.7AI score0.00275EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.52 views

K20486351: glibc vulnerability CVE-2017-1000366

Security Advisory Description glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent...

7.8CVSS8AI score0.02733EPSS
Exploits14Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.52 views

K06493172: glibc vulnerability CVE-2016-3706

Security Advisory Description Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because...

7.5CVSS7.8AI score0.05926EPSS
Exploits0Affected Software25
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.52 views

K78284681: Python tarfile library vulnerability CVE-2019-20907

Security Advisory Description In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation. CVE-2019-20907 Impact A user-created custom Python script utilizing the Python...

7.5CVSS7.2AI score0.06253EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.52 views

K91326803: Linux kernel vulnerability CVE-2021-38201

Security Advisory Description net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service xdrsetpagebase slab-out-of-bounds access by performing many NFS 4.2 READPLUS operations. CVE-2021-38201 Impact There is no impact; F5 products are not affected by...

7.5CVSS6.1AI score0.03365EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.52 views

K40019131: F5 Access for Android vulnerability CVE-2022-27875

Security Advisory Description A Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. CVE-2022-27875 Impact An attacker may be able to exploit this vulnerability by tricking a legitimate user running Android...

5.5CVSS5.5AI score0.00591EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.52 views

K11910343: Linux kernel vulnerability CVE-2021-35039

Security Advisory Description kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIGMODULESIG, verification that a kernel module is signed, for loading via initmodule, does not occur for a module.sigenforce=1 command-line argumen...

7.8CVSS6.1AI score0.00246EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.52 views

K16869: logrotate vulnerability CVE-2011-1098

Security Advisory Description Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVE-2011-1098 Impact May allow a local user to read log data by opening a...

1.9CVSS6.2AI score0.00281EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
added 2023/02/21 6:32 p.m.52 views

K11100332: Multiple Oracle Database Server vulnerabilities

Security Advisory Description CVE-2016-3479 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. CVE-2016-3484 Unspecified vulnerability in the Database Vault component i...

9CVSS5.9AI score0.03744EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:32 p.m.52 views

K32059550: Linux kernel vulnerability CVE-2018-20669

Security Advisory Description An issue where a provided address with accessok is not checked was discovered in i915gemexecbuffer2ioctl in drivers/gpu/drm/i915/i915gemexecbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary...

7.8CVSS6.5AI score0.00572EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:29 p.m.52 views

K73183618: BIG-IP APM Portal Access vulnerability CVE-2020-5853

Security Advisory Description In BIG-IP APM Portal Access, HTTP pages that are served by back-end servers and have special JavaScript code may cause internal name conflicts. CVE-2020-5853 Impact BIG-IP APM An attacker who can control JavaScript code served by back-end servers may bypass the...

5.4CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:12 p.m.52 views

K17136: Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488

Security Advisory Description CVE-2015-0478 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.Per Oracle: Applies to client and server deployment of Java. This vulnerability c...

5CVSS4.9AI score0.04204EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:10 p.m.52 views

K8938: BIND DNS cache poisoning vulnerability - CVE-2008-1447 - VU#800113

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.8CVSS6.6AI score0.95182EPSS
Exploits21
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.52 views

K74413297: Linux kernel vulnerability CVE-2014-3184

Security Advisory Description The reportfixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service out-of-bounds write via a crafted device that provides a small report descriptor, related to 1...

4.7CVSS6.1AI score0.00397EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.52 views

K81557381: BIG-IP HTTP/2 vulnerability CVE-2019-6673

Security Advisory Description When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel TMM. CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to...

7.5CVSS7.5AI score0.01014EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
added 2023/02/21 6:6 p.m.52 views

K86326526: MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807

Security Advisory Description CVE-2015-4766 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. CVE-2015-4904 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier...

4CVSS6.8AI score0.02729EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 5:33 p.m.52 views

K51518670: Linux kernel vulnerability CVE-2015-2922

Security Advisory Description The ndiscrouterdiscovery function in net/ipv6/ndisc.c in the Neighbor Discovery ND protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hoplimit value in a Router...

3.3CVSS6AI score0.03052EPSS
Exploits1Affected Software22
F5 Networks
F5 Networks
added 2022/12/27 11:49 p.m.52 views

K14981751: Linux kernel vulnerability CVE-2019-18808

Security Advisory Description A memory leak in the ccprunshacmd function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory consumption, aka CID-128c66429247. CVE-2019-18808 Impact There is no impact; F5 products are not affected...

5.5CVSS6.3AI score0.00329EPSS
Exploits0
F5 Networks
F5 Networks
added 2022/12/20 7:14 p.m.52 views

K12201527: Overview of F5 security notifications

Security Advisory Description In July 2026, F5 announced a change to our security release cadence: monthly hardened software releases on the third Wednesday and MSNs published one month after each hardened release. F5 strongly recommends you promptly update your environment with each hardened...

9.8CVSS6.3AI score0.04261EPSS
Exploits3
F5 Networks
F5 Networks
added 2016/07/08 12:0 a.m.52 views

SOL24642829 - Linux kernel vulnerability CVE-2015-7515

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.9CVSS2.4AI score0.018EPSS
Exploits4References4
F5 Networks
F5 Networks
added 2016/06/20 12:0 a.m.52 views

SOL61275340 - Java vulnerability CVE-2013-5823

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS1.8AI score0.04732EPSS
Exploits0References8
F5 Networks
F5 Networks
added 2016/06/13 12:0 a.m.52 views

SOL65271605 - NTP vulnerability CVE-2016-1549

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.5CVSS0.9AI score0.03147EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2016/06/08 12:0 a.m.52 views

SOL51484039 - PHP 'snmp.c' remote format string vulnerability CVE-2016-4071

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.6AI score0.19455EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2016/05/25 12:0 a.m.52 views

SOL61200338 - NTP vulnerability CVE-2016-2517

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS2.4AI score0.08823EPSS
Exploits0References9
F5 Networks
F5 Networks
added 2016/05/19 12:0 a.m.52 views

SOL36488941 - OpenSSL vulnerability CVE-2016-2106

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.3AI score0.27261EPSS
Exploits1References7
F5 Networks
F5 Networks
added 2016/01/27 12:0 a.m.52 views

SOL13145361 - Linux kernel KVM subsystem vulnerability CVE-2014-3647

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.5CVSS1.4AI score0.00588EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2016/01/07 12:0 a.m.52 views

SOL05272632 - BIG-IP AOM password sync vulnerability CVE-2015-8611

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS0.9AI score0.0319EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/10/16 12:0 a.m.52 views

SOL17447 - Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

4.9CVSS0.9AI score0.00451EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/09/15 12:0 a.m.52 views

SOL17270 - OpenSSH vulnerability CVE-2015-6565

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.2CVSS2.4AI score0.02605EPSS
Exploits4References3
F5 Networks
F5 Networks
added 2015/09/09 12:0 a.m.52 views

SOL17236 - Apache HTTP server vulnerability CVE-2015-3185

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL460...

4.3CVSS0.5AI score0.18795EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/08/28 12:0 a.m.52 views

SOL17189 - Apache HTTP server vulnerability CVE-2008-0456

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

2.6CVSS0.5AI score0.19036EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2015/08/03 12:0 a.m.52 views

SOL17057 - QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.2CVSS0.5AI score0.01594EPSS
Exploits1References8
F5 Networks
F5 Networks
added 2015/07/23 12:0 a.m.52 views

SOL16907 - Apache HTTPD vulnerability CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

4.4CVSS8.6AI score0.04716EPSS
Exploits4References4
F5 Networks
F5 Networks
added 2015/07/16 12:0 a.m.52 views

SOL16976 - PHP vulnerability CVE-2015-1352

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

5CVSS2.5AI score0.07704EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2015/07/07 12:0 a.m.52 views

SOL16920 - OpenSSL vulnerability CVE-2014-8176

The failover.secure system database variable is only available in BIG-IP 11.5.0 and later, and is disabled by default. However, Common Criteria mode enables the failover.secure database variable. The BIG-IP Edge Client system will be vulnerable only when connected to a malicious server...

7.5CVSS2.5AI score0.16587EPSS
Exploits1References7
F5 Networks
F5 Networks
added 2015/05/29 12:0 a.m.52 views

SOL16708 - cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

9CVSS1AI score0.3763EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2015/05/29 12:0 a.m.52 views

SOL16707 - cURL and libcurl vulnerability CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148...

5CVSS8.3AI score0.17942EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2014/11/03 12:0 a.m.52 views

SOL15787 - BIND vulnerability CVE-2010-0382

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custo...

7.6CVSS3.1AI score0.07235EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2014/10/27 12:0 a.m.52 views

SOL15745 - Multiple Oracle Java vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10CVSS2.5AI score0.05639EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2014/10/21 12:0 a.m.52 views

SOL15723 - OpenSSL vulnerability CVE-2014-3567

Recommended action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

7.1CVSS2.4AI score0.23598EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2011/04/15 12:0 a.m.52 views

SOL12793 - GNU C Library vulnerability CVE-2010-4051

The regcomp implementation in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial-of-service DoS attack. This applies to GNU C Library versions through 2.11.3, and also versions 2.12.x through 2.12.2. Information about this advisory is available at the...

5CVSS7.5AI score0.39995EPSS
Exploits12
F5 Networks
F5 Networks
added 2011/02/10 12:0 a.m.52 views

SOL12597 - PHP vulnerability CVE-2010-4156

PHP vulnerability CVE-2010-4156 describes a vulnerability where the mbstrcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter aka the length parameter. Information...

5CVSS5.4AI score0.12786EPSS
Exploits1
F5 Networks
F5 Networks
added 2010/10/14 12:0 a.m.52 views

SOL12156 - PHP xmlrpc vulnerability - CVE-2010-0397

This security advisory describes a PHP xmlrpc vulnerability. For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed...

5CVSS9.3AI score0.11528EPSS
Exploits2
F5 Networks
F5 Networks
added 2010/05/31 12:0 a.m.52 views

SOL11533 - OpenSSL vulnerability CVE-2010-0740

The ssl3getrecord function in ssl/s3pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service crash via a malformed record in a TLS connection that triggers a NULL pointer de-reference, related to the minor version number. Information about this advisory is...

5CVSS7.2AI score0.2035EPSS
Exploits5
Total number of security vulnerabilities5000