Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•51 views

K30905674: Linux kernel vulnerability CVE-2014-9904

Security Advisory Description The sndcompresscheckinput function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service insufficient memory allocation or possibly...

7.8CVSS6.9AI score0.00384EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•51 views

K79933541: HTTP2 profile vulnerability CVE-2022-35236

Security Advisory Description When an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-35236 Impact System performance can degrade until the TMM process is either forced to restart or is manually restarted. This...

7.5CVSS7.3AI score0.00681EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:45 p.m.•51 views

K16025: Linux kernel SCTP vulnerability CVE-2014-3688

Security Advisory Description The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c...

5CVSS6.3AI score0.0585EPSS
Exploits1Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•51 views

K63687287: Linux kernel vulnerability CVE-2016-8632

Security Advisory Description The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service heap-based buff...

7.8CVSS6.5AI score0.00399EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•51 views

K15131064: Node.js vulnerability CVE-2018-7162

Security Advisory Description All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpecte...

7.8CVSS7.2AI score0.06974EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•51 views

K57735782: NGINX Controller API Management vulnerability CVE-2022-23008

Security Advisory Description An authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. CVE-2022-23008 Impact Successful exploitation...

5.5CVSS5.4AI score0.0053EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•51 views

K43232343: Linux kernel Vulnerability CVE-2021-31440

Security Advisory Description This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

8.8CVSS7.9AI score0.01754EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•51 views

K94142349: BIG-IP Advanced WAF and ASM WebSocket security exposure

Security Advisory Description BIG-IP Advanced WAF and ASM incorrectly handle certain WebSocket requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF or ASM handles a malicious WebSocket message. Impact The attack signature check fails to detect and block requests, a...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•51 views

K33484483: F5OS vulnerability CVE-2022-41835

Security Advisory Description Excessive file permissions in F5OS allow an authenticated local attacker to execute a limited set of commands in a container and impact the F5OS controller. CVE-2022-41835 Impact An authenticated low-privileged attacker with CLI access can exploit this vulnerability...

8.8CVSS8.4AI score0.00147EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•52 views

K76328112: BIG-IP TMM vulnerability CVE-2019-6683

Security Advisory Description BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions. CVE-2019-6683 Impact This vulnerability is present only on BIG-IP Virtual Edition VE systems with limited bandwidth licenses...

7.5CVSS7.3AI score0.01014EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•51 views

K80691406: MySQL vulnerabilities CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, and CVE-2019-2539

Security Advisory Description CVE-2019-2535 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe...

5CVSS5.6AI score0.0442EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•51 views

K65078159: Apache Tomcat vulnerability CVE-2021-24122

Security Advisory Description When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause wa...

5.9CVSS7.7AI score0.22852EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•51 views

K22854723: Poppler vulnerability CVE-2018-10768

Security Advisory Description There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected...

6.5CVSS5.8AI score0.02435EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•51 views

K49160100: Apache Tomcat vulnerability CVE-2016-6817

Security Advisory Description The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. CVE-2016-6817 Impact There is no impact; F5...

7.5CVSS7.6AI score0.0719EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:27 p.m.•51 views

K4583: Insufficient validation of ICMP error messages VU#222750 / CVE-2004-0790 (9.x - 10.x)

Security Advisory Description This article applies to BIG-IP 9.x through 10.x. However, a regression for this vulnerability was introduced in later BIG-IP versions. For information about other versions, refer to the following article: K23440942: Insufficient validation of ICMP error messages...

5CVSS6.4AI score0.80675EPSS
Exploits10
F5 Networks
F5 Networks
•added 2023/02/21 6:27 p.m.•51 views

K53214222: midi kernel driver vulnerability CVE-2018-10902

Security Advisory Description It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local...

7.8CVSS7AI score0.00523EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:20 p.m.•51 views

K24734336: PHP vulnerabilities CVE-2016-4542, CVE-2016-4543, and CVE-2016-4544

Security Advisory Description CVE-2016-4542 The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly...

9.8CVSS9.2AI score0.12179EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:17 p.m.•51 views

K12597: PHP vulnerability CVE-2010-4156

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS6.3AI score0.12786EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:11 p.m.•51 views

K15904: Multiple third-party application-server vulnerabilities

Security Advisory Description CVE-2003-1418 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via 1 the ETag header, which reveals the inode number, or 2 multipart MIME boundary, which reveals child proccess IDs PID. CVE-2004-2320 The...

8.1CVSS7.3AI score0.25061EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:10 p.m.•51 views

K15936: NTP vulnerability CVE-2014-9295

Security Advisory Description Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to 1 the cryptorecv function when the Autokey Authentication feature is used, 2 the ctlputdata function, and 3 the configu...

7.5CVSS8.3AI score0.78717EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 5:33 p.m.•51 views

K18174924: Apache Tomcat 6.x vulnerability CVE-2016-0706

Security Advisory Description Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users ...

4.3CVSS6.5AI score0.06232EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/17 4:26 p.m.•51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/01/03 10:0 p.m.•51 views

K07550539: TMM with LRO vulnerability CVE-2018-15311

Security Advisory Description When Large Receive Offload LRO is enabled, undisclosed traffic patterns may cause TMM to restart. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0 for all platforms and 12.0.0 for Virtual Edition. CVE-2018-15311 Impact An attacker may be...

5.9CVSS6.6AI score0.01424EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2022/12/15 6:31 p.m.•51 views

K59333944: Apache mod_proxy_ftp vulnerability CVE-2020-1934

Security Advisory Description In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server. CVE-2020-1934 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

5.3CVSS6.6AI score0.51951EPSS
Exploits0
F5 Networks
F5 Networks
•added 2016/10/20 12:0 a.m.•51 views

SOL41204355 - PHP vulnerability CVE-2016-5114

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.1CVSS2.5AI score0.04489EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/09/07 12:0 a.m.•51 views

SOL05016441 - Oracle Java vulnerability CVE-2016-3508

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS1.9AI score0.04797EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/08/03 12:0 a.m.•51 views

SOL51390683 - PHP vulnerabilities CVE-2016-5094 and CVE-2016-5095

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.6CVSS3.4AI score0.0464EPSS
Exploits0References10
F5 Networks
F5 Networks
•added 2016/07/26 12:0 a.m.•51 views

SOL53729441 - MySQL vulnerability CVE-2016-2047

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS2.5AI score0.03741EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/06/09 12:0 a.m.•51 views

SOL99998454 - iControl REST vulnerability CVE-2016-5021

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.9CVSS2AI score0.01237EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/05/23 12:0 a.m.•51 views

SOL61971428 - Multiple Java vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10CVSS2.6AI score0.04652EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/05/13 12:0 a.m.•51 views

SOL25102203 - ImageMagick vulnerability CVE-2016-3716

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS2.2AI score0.97485EPSS
Exploits13References9
F5 Networks
F5 Networks
•added 2016/05/10 12:0 a.m.•51 views

SOL04755144 - Multiple QEMU vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.5AI score0.03897EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/03/24 12:0 a.m.•51 views

SOL93122894 - OpenSSL vulnerability CVE-2016-0705

In the default configuration there is no network access vector. There is no known exposure in the default configuration. Customized applications that are parsing DSA keys from untrusted input sources may expose this issue; however, that is a rare configuration. In most cases, this issue would be...

10CVSS2.2AI score0.26335EPSS
Exploits1References7
F5 Networks
F5 Networks
•added 2015/09/24 12:0 a.m.•51 views

SOL17317 - Apache HTTP server vulnerability CVE-2015-0253

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

5CVSS3.4AI score0.14734EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/09/08 12:0 a.m.•51 views

SOL17247 - PHP vulnerability CVE-2015-1351

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.5CVSS2.5AI score0.08646EPSS
Exploits1References3
F5 Networks
F5 Networks
•added 2015/07/30 12:0 a.m.•51 views

SOL17025 - BIND DNSSEC vulnerability CVE-2010-0097

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records. CVE-2010-0097...

4.3CVSS6.9AI score0.09363EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/07/08 12:0 a.m.•51 views

SOL16940 - Multiple Wireshark vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS1.1AI score0.03409EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/06/05 12:0 a.m.•51 views

SOL16716 - Multiple Mozilla NSS vulnerabilities

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

10CVSS0.6AI score0.06381EPSS
Exploits5References3
F5 Networks
F5 Networks
•added 2015/04/03 12:0 a.m.•51 views

SOL16364 - GNU C Library (glibc) vulnerability CVE-2012-3406

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

6.8CVSS1AI score0.03163EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/08/25 12:0 a.m.•51 views

SOL15532 - XSS vulnerability in echo.jsp CVE-2014-4023

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

4.3CVSS2.4AI score0.01842EPSS
Exploits2References8
F5 Networks
F5 Networks
•added 2014/07/17 12:0 a.m.•51 views

SOL15417 - OpenSSL vulnerability CVE-2012-0050

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.7AI score0.15757EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/06/16 12:0 a.m.•51 views

SOL15342 - OpenSSL vulnerability CVE-2014-3470

The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service NULL pointer dereference and client crash by triggering a NULL certificate...

4.3CVSS7.5AI score0.85784EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2014/06/02 12:0 a.m.•51 views

SOL15300 - Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438

Recommended Action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...

5CVSS0.8AI score0.26831EPSS
Exploits2References14
F5 Networks
F5 Networks
•added 2013/02/11 12:0 a.m.•51 views

SOL14201 - BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244

Recommended Action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability, you can disable recursion of the DNS server. To do so, perform the following procedure: Impact of action...

7.8CVSS7.2AI score0.36798EPSS
Exploits0References11
F5 Networks
F5 Networks
•added 2007/11/05 12:0 a.m.•51 views

SOL8077 - BIND 8 vulnerability CVE-2007-2930

The NSIDSHUFFLEONLY and NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches using unknown vectors...

4.3CVSS2.8AI score0.07585EPSS
Exploits0
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•51 views

SOL3568 - DNS denial of service vulnerability - CAN-2004-0789

Vulnerability description and product information: Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to caus...

5CVSS2.6AI score0.02765EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/10/25 9:34 p.m.•50 views

K000148259: libarchive vulnerability CVE-2016-10350 and CVE-2016-10349

Security Advisory Description CVE-2016-10350 The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted file. CVE-2016-10349 The archivele32de...

5.5CVSS6.6AI score0.01699EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2024/08/14 1:11 p.m.•50 views

K05710614: BIG-IP HSB vulnerability CVE-2024-39778

Security Advisory Description When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge HSB, undisclosed requests can cause virtual servers to stop processing client connections and the Traffic Management Microkernel TMM to terminate. CVE-2024-39778 Impact Traffic ...

8.7CVSS6.9AI score0.00481EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2024/05/20 10:1 p.m.•50 views

K000139698: Python vulnerabilities CVE-2016-5636, CVE-2018-1000802, CVE-2022-48565 and CVE-2023-36632

Security Advisory Description CVE-2016-5636 Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer...

10CVSS8.8AI score0.26316EPSS
Exploits6
F5 Networks
F5 Networks
•added 2024/05/16 10:0 p.m.•50 views

K000139641: libxml2 vulnerability CVE-2023-28484

Security Advisory Description In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. CVE-2023-28484 Impact This vulnerability allows a remote, authenticated...

6.5CVSS6.7AI score0.01086EPSS
Exploits1Affected Software17
Total number of security vulnerabilities5000