Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•50 views

K35226442: Apache Struts vulnerabilities CVE-2019-0233 and CVE-2019-0230

Security Advisory Description CVE-2019-0233 An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, ma...

9.8CVSS8.4AI score0.97399EPSS
Exploits15Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•50 views

K01730454: Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902

Security Advisory Description CVE-2017-0899 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. CVE-2017-0900 RubyGems version 2.6.12 and earlie...

9.8CVSS7.3AI score0.29442EPSS
Exploits5
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•50 views

K71796229: Linux kernel vulnerability CVE-2017-14489

Security Advisory Description The iscsiifrx function in drivers/scsi/scsitransportiscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service panic by leveraging incorrect length validation. CVE-2017-14489 Impact This vulnerability allows a local user to cause a...

5.5CVSS6AI score0.01155EPSS
Exploits4Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•50 views

K61547155: QEMU vulnerabilities CVE-2020-10761, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, and CVE-2020-13754

Security Advisory Description CVE-2020-10761 An assertion failure issue was found in the Network Block DeviceNBD Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remot...

6.7CVSS6.1AI score0.01796EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•50 views

K36942191: Advanced WAF and BIG-IP ASM MySQL database vulnerability CVE-2021-23053

Security Advisory Description When the brute force protection feature of ASM/Adv WAF is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. CVE-2021-23053...

5.3CVSS5.2AI score0.00919EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•50 views

K01713115: BIND vulnerability CVE-2019-6465

Security Advisory Description Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview...

5.3CVSS6.5AI score0.037EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•50 views

K42801711: node-ipc vulnerability CVE-2022-23812

Security Advisory Description This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. Note: from versions 11.0.0 onwards, instead of having...

10CVSS9.4AI score0.04194EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•50 views

K93723284: BIG-IP PEM and AFM TMUI, TMSH, and iControl REST vulnerability CVE-2022-41813

Security Advisory Description When the BIG-IP system is provisioned with the PEM or AFM module, an undisclosed input can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-41813 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

6.5CVSS6.5AI score0.00595EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•50 views

K05513373: Linux kernel vulnerability CVE-2016-9576

Security Advisory Description The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging...

7.8CVSS6AI score0.00437EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•50 views

K86075480: Java SE vulnerability CVE-2018-3214

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows...

5.3CVSS5.8AI score0.07EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•50 views

K30216728: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-7128 The exifprocessIFDinTIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a...

9.8CVSS8.3AI score0.0883EPSS
Exploits6
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•50 views

K56551263: tcpdump vulnerability CVE-2018-14880

Security Advisory Description The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6printlshdr. CVE-2018-14880 Impact An attacker can gain access to sensitive information and can also cause a denial of service DoS. Security Advisory Status F5 Product Development h...

7.5CVSS6.5AI score0.05342EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•50 views

K42143118: PHP vulnerability CVE-2016-10712

Security Advisory Description In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of streamgetmetadata can be controlled if the input can be controlled e.g., during file uploads. For example, a "$uri = streamgetmetadatafopen$file, "r"'uri'" call mishandles th...

7.5CVSS7.9AI score0.02297EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•50 views

K15031791: Samba vulnerability CVE-2015-5330

Security Advisory Description ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and th...

7.5CVSS7AI score0.06114EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:30 p.m.•50 views

K16864: SSL/TLS RC4 vulnerability CVE-2015-2808

Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream...

5CVSS4.9AI score0.73851EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•50 views

K15677: Linux kernel vulnerability CVE-2014-4014

Security Advisory Description The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the...

6.2CVSS5.2AI score0.03303EPSS
Exploits4
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•50 views

K17378: SNMP vulnerability CVE-2015-5621

Security Advisory Description The snmppduparse function in snmpapi.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmpvariablelist item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary...

7.5CVSS8.6AI score0.40002EPSS
Exploits1Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:20 p.m.•50 views

K11251130: NTP vulnerability CVE-2016-1547

Security Advisory Description An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated...

5.3CVSS6.9AI score0.0511EPSS
Exploits2Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•50 views

K41351250: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23031

Security Advisory Description An authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. CVE-2021-23031 Impact When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary...

9.9CVSS9.1AI score0.02072EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2022/12/31 2:0 a.m.•50 views

K11186236: Linux kernel KVM subsystem vulnerability CVE-2019-6974

Security Advisory Description In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free. CVE-2019-6974 Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,...

8.1CVSS6.5AI score0.16523EPSS
Exploits2
F5 Networks
F5 Networks
•added 2016/11/21 12:0 a.m.•50 views

SOL30403302 - ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.9AI score0.04566EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/11/08 12:0 a.m.•50 views

SOL35155453 - Multiple LibTIFF vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8CVSS1.5AI score0.05669EPSS
Exploits2References7
F5 Networks
F5 Networks
•added 2016/10/23 12:0 a.m.•50 views

SOL38110373 - Apache Tomcat vulnerability CVE-2014-7810

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS1.1AI score0.13872EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/10/20 12:0 a.m.•50 views

SOL73644551 - Apache Tomcat vulnerability CVE-2016-6325

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.8CVSS2.4AI score0.00693EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/07/25 12:0 a.m.•50 views

SOL92930514 - GO vulnerability CVE-2016-5386

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

8.1CVSS2.8AI score0.0522EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/03/25 12:0 a.m.•50 views

SOL22334603 - OpenSSL vulnerability CVE-2016-0799

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS1.6AI score0.53655EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/02/22 12:0 a.m.•50 views

SOL32790144 - NTP vulnerability CVE-2015-7973

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.5CVSS1.2AI score0.03362EPSS
Exploits2References11
F5 Networks
F5 Networks
•added 2016/02/19 12:0 a.m.•50 views

SOL59503294 - libjpeg vulnerability CVE-2013-6629

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS3AI score0.10117EPSS
Exploits0References10
F5 Networks
F5 Networks
•added 2015/12/29 12:0 a.m.•50 views

SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS5.5AI score0.16002EPSS
Exploits2References4
F5 Networks
F5 Networks
•added 2015/09/09 12:0 a.m.•50 views

SOL17253 - BIG-IP Configuration utility vulnerability CVE-2015-4040

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

4CVSS1.5AI score0.06756EPSS
Exploits5References3
F5 Networks
F5 Networks
•added 2015/07/07 12:0 a.m.•50 views

SOL16914 - OpenSSL vulnerability CVE-2015-1791

For BIG-IP, Enterprise Manager, and BIG-IQ systems, the vulnerable code exists on the system; however, it is not used in the way that exposes the system to the vulnerability. For LineRate systems, the vulnerable code exists on the system; however, it is not used in the way that exposes the system...

6.8CVSS1.4AI score0.15968EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/07/01 12:0 a.m.•50 views

SOL16859 - SUSE coreutils vulnerabilities CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

4.3CVSS1.9AI score0.07238EPSS
Exploits2References5
F5 Networks
F5 Networks
•added 2015/04/20 12:0 a.m.•50 views

SOL16472 - glibc vulnerability CVE-2013-7424

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.1CVSS1.8AI score0.02682EPSS
Exploits0References9
F5 Networks
F5 Networks
•added 2015/04/09 12:0 a.m.•50 views

SOL16389 - Multiple MySQL vulnerabilities

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

4CVSS2.1AI score0.0467EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2015/04/03 12:0 a.m.•50 views

SOL16318 - OpenSSL vulnerability CVE-2015-0287

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5CVSS1.2AI score0.0837EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/03/30 12:0 a.m.•50 views

SOL16320 - OpenSSL vulnerability CVE-2015-0289

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

5CVSS0.9AI score0.0837EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/01/08 12:0 a.m.•50 views

SOL15967 - glibc and eglibc vulnerability CVE-2011-2702

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.8CVSS2.7AI score0.08458EPSS
Exploits6References4
F5 Networks
F5 Networks
•added 2014/10/23 12:0 a.m.•50 views

SOL15732 - Linux kernel vulnerability CVE-2013-0311

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

6.5CVSS1.8AI score0.00644EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/06/05 12:0 a.m.•50 views

SOL15322 - PHP vulnerability CVE-2014-0185

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.2CVSS2.6AI score0.00505EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/04/17 12:0 a.m.•50 views

SOL15172 - BIND vulnerability CVE-2010-3762

F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured...

4.3CVSS2.9AI score0.08086EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2011/01/27 12:0 a.m.•50 views

SOL12566 - OpenSSL vulnerability CVE-2010-3864

For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:...

7.6CVSS6.6AI score0.22145EPSS
Exploits0
F5 Networks
F5 Networks
•added 2008/09/01 12:0 a.m.•50 views

SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files through a...

5CVSS7.3AI score0.52716EPSS
Exploits1
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•50 views

SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700

In the default configuration, BIG-IP and 3-DNS do not require client certificates to connect to the Configuration utility. This vulnerability cannot be exploited without making unsupported changes to the BIG-IP or 3-DNS web server configuration. This problem was tracked as CR53583 and CR53585 and...

10CVSS3.7AI score0.30576EPSS
Exploits0
F5 Networks
F5 Networks
•added 2006/12/07 12:0 a.m.•50 views

SOL6876 - OpenSSH vulnerabilities CVE-2006-5052

This security advisory describes an OpenSSH vulnerability. OpenSSH versions previous to version 4.4, on platforms with GSSAPI enabled, allow remote attackers to determine the validity of usernames through a Generic Security Services Application Program Interface GSSAPI authentication abort...

5CVSS7.9AI score0.02801EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/10/28 12:26 a.m.•49 views

K000148278: Spring framework CVE-2024-38820 vulnerability

Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...

5.3CVSS6.5AI score0.00631EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/10/02 5:24 p.m.•49 views

K000141317: PHP vulnerabilities CVE-2017-9225, CVE-2017-8923, CVE-2016-7413, CVE-2016-9935, and CVE-2016-7417

Security Advisory Description CVE-2017-9225 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point...

9.8CVSS8.6AI score0.07191EPSS
Exploits4
F5 Networks
F5 Networks
•added 2024/08/03 3:46 a.m.•49 views

K000140505: Apache HTTPD vulnerability CVE-2024-38473

Security Advisory Description Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixe...

8.1CVSS7.4AI score0.25878EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2024/05/29 1:35 p.m.•49 views

K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...

5.3CVSS7AI score0.00867EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2024/05/16 2:27 a.m.•49 views

K000139630: Expat vulnerability CVE-2023-52425

Security Advisory Description libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVE-2023-52425 Impact There is no impact; F5 products are not affected by this...

7.5CVSS7.2AI score0.01815EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/02/16 10:6 p.m.•49 views

K000138640: Perl vulnerability CVE-2023-47038

Security Advisory Description A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. CVE-2023-47038 Impact This vulnerability could allow a local...

7.8CVSS7.2AI score0.00832EPSS
Exploits0Affected Software8
Total number of security vulnerabilities5000