Lucene search
+L

6414 matches found

f5
f5
•added 2008/06/30 12:0 a.m.•49 views

SOL8921 - Linux kernel vulnerability CVE-2007-3740

A flaw in the CIFS filesystem could cause the umask values of a process to not be honored. Information about this advisory is available at the following location:...

4.4CVSS5.6AI score0.0038EPSS
Exploits0
f5
f5
•added 2007/05/16 12:0 a.m.•49 views

SOL2319 - Insufficient MAC computation in OpenSSH - CAN-2003-0078

Obtaining and installing patches F5 has released a patch for BIG-IP and 3-DNS versions 4.2 and 4.5. To download the patch, perform the following procedure 1. Open the F5 Downloads page in a browser. 2. Navigate to the BIG-IP BIG-IP v4.x 4.5.x section. 3. Click CAN-2003-0078 and download the...

5CVSS2.6AI score0.13718EPSS
Exploits0
f5
f5
•added 2005/07/20 12:0 a.m.•49 views

SOL4441 - BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469

Was this resource helpful in solving your issue? Yes - this resource was helpful No - this resource was not helpful I don‘t know yet NOTE: Please do not provide personal information. Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:...

7.5CVSS1.6AI score0.27073EPSS
Exploits0
f5
f5
•added 2026/02/04 2:42 p.m.•48 views

K000159076: Quarterly Security Notification (February 2026)

Security Advisory Description On February 4, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.2CVSS6.2AI score0.00339EPSS
Exploits0
f5
f5
•added 2024/08/14 1:14 p.m.•48 views

K000140529: NGINX ngx_http_mp4_module vulnerability CVE-2024-7347

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the...

5.7CVSS8.1AI score0.0032EPSS
Exploits0Affected Software2
f5
f5
•added 2024/08/14 1:12 p.m.•48 views

K000138833: BIG-IP TMM vulnerability CVE-2024-41727

Security Advisory Description In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition VEs using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. CVE-2024-41727 Impact System performance can degrade until the Traffic...

8.7CVSS6.8AI score0.00481EPSS
Exploits0Affected Software12
f5
f5
•added 2024/05/08 12:55 p.m.•48 views

K000139012: BIG-IP Next Central Manager vulnerability CVE-2024-33612

Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. CVE-2024-33612...

6.8CVSS6.3AI score0.00233EPSS
Exploits0Affected Software1
f5
f5
•added 2024/01/17 3:50 a.m.•48 views

K000138178: Apache Tomcat vulnerability CVE-2023-42795

Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to...

5.3CVSS8AI score0.0216EPSS
Exploits1Affected Software13
f5
f5
•added 2023/09/29 4:49 p.m.•48 views

K000137054: libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

Security Advisory Description CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-5129 REJECTED This CVE I...

8.8CVSS7.4AI score0.99735EPSS
Exploits9
f5
f5
•added 2023/04/10 8:33 p.m.•48 views

K000133456: OpenJDK vulnerabilities CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Security Advisory Description CVE-2019-2766 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows...

5.8CVSS6.3AI score0.04351EPSS
Exploits0
f5
f5
•added 2023/02/21 8:2 p.m.•48 views

K54211024: OpenSSL vulnerability CVE-2016-6304

Security Advisory Description Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service memory consumption via large OCSP Status Request extensions. CVE-2016-6304 Impact A remote attacker can...

7.8CVSS8.2AI score0.63029EPSS
Exploits2Affected Software18
f5
f5
•added 2023/02/21 8:2 p.m.•48 views

K40523020: Linux kernel vulnerability CVE-2018-16658

Security Advisory Description An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...

6.1CVSS6.1AI score0.00552EPSS
Exploits0Affected Software15
f5
f5
•added 2023/02/21 8:1 p.m.•48 views

K08306700: DHCP client vulnerability CVE-2018-5732

Security Advisory Description An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. CVE-2018-5732...

7.5CVSS7.5AI score0.0496EPSS
Exploits0Affected Software18
f5
f5
•added 2023/02/21 8:0 p.m.•48 views

K9754: BIND 9 vulnerability CVE-2009-0025

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.8CVSS7.8AI score0.0686EPSS
Exploits0
f5
f5
•added 2023/02/21 7:57 p.m.•48 views

K00409335: procps-ng vulnerability CVE-2018-1122

Security Advisory Description procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfil...

7.3CVSS7.6AI score0.013EPSS
Exploits5Affected Software16
f5
f5
•added 2023/02/21 7:56 p.m.•48 views

K29421535: Intel processor vulnerability CVE-2021-33117

Security Advisory Description Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 Impact This vulnerability may potentially allow a local...

5.5CVSS5.2AI score0.00306EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:54 p.m.•48 views

K00174195: Apache Tomcat vulnerability CVE-2021-25122

Security Advisory Description When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both se...

7.5CVSS7.5AI score0.18114EPSS
Exploits1Affected Software1
f5
f5
•added 2023/02/21 7:49 p.m.•48 views

K13217575: Session data may be exposed when using a proxy to multiplex connections to the BIG-IP APM system

Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP APM system is configured to perform NTLM SSO authentication to back-end servers. A proxy in front of the BIG-IP APM system multiplexes connections from different users. Impact Users may be...

7AI score
Exploits0
f5
f5
•added 2023/02/21 7:49 p.m.•49 views

K16441: MIT Kerberos 5 vulnerability CVE-2014-9423

Security Advisory Description The svcauthgssacceptseccontext function in lib/rpc/svcauthgss.c in MIT Kerberos 5 aka krb5 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive...

5CVSS7.8AI score0.0389EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•48 views

K15260: Apache Struts vulnerability CVE-2014-0094

Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...

5CVSS9.3AI score0.99614EPSS
Exploits7
f5
f5
•added 2023/02/21 7:42 p.m.•48 views

K14739: OpenSSH vulnerability CVE-2008-3234

Security Advisory Description sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username. CVE-2008-3234 Impact None. No F...

6.5CVSS9.1AI score0.05773EPSS
Exploits1
f5
f5
•added 2023/02/21 7:41 p.m.•48 views

K17541: Linux kernel vulnerability CVE-2015-2150

Security Advisory Description Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding fo...

4.9CVSS6.4AI score0.00534EPSS
Exploits0
f5
f5
•added 2023/02/21 7:40 p.m.•48 views

K36488941: OpenSSL vulnerability CVE-2016-2106

Security Advisory Description Integer overflow in the EVPEncryptUpdate function in crypto/evp/evpenc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of data. CVE-2016-2106 Impact A successful attack...

7.5CVSS8.2AI score0.27261EPSS
Exploits1Affected Software23
f5
f5
•added 2023/02/21 7:38 p.m.•48 views

K35240323: PHP vulnerability CVE-2016-4539

Security Advisory Description The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML da...

9.8CVSS9.4AI score0.06229EPSS
Exploits1Affected Software21
f5
f5
•added 2023/02/21 7:37 p.m.•48 views

K17457: Linux kernel vulnerability CVE-2015-6252

Security Advisory Description The vhostdevioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service memory consumption via a VHOSTSETLOGFD ioctl call that triggers permanent file-descriptor allocation. CVE-2015-6252 Impact None. F5...

2.1CVSS6.3AI score0.00442EPSS
Exploits0
f5
f5
•added 2023/02/21 7:36 p.m.•48 views

K22040951: systemd-journald vulnerability CVE-2019-3815

Security Advisory Description A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatchmessagereal in journald-server.c does not free the memory allocated by setiovecfieldfree to store the CMDLINE= entry. A local attacker may use this...

3.3CVSS6.7AI score0.004EPSS
Exploits0Affected Software11
f5
f5
•added 2023/02/21 7:35 p.m.•48 views

K8578: Security Advisory: BIND buffer overflow in inet_network CVE-2008-0122

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.6AI score0.123EPSS
Exploits1
f5
f5
•added 2023/02/21 7:33 p.m.•48 views

K88162221: The BIG-IP ASM system may not properly perform signature checks on cookies

Security Advisory Description The BIG-IP ASM system may not properly perform signature checks on cookies. This issue occurs when the following condition is met: You have a security policy enabled with cookie scope attack signatures. Impact Cookies containing malicious payload may pass through the...

5.3CVSS5.9AI score0.0158EPSS
Exploits1
f5
f5
•added 2023/02/21 7:32 p.m.•48 views

K15741: Apache Commons HttpClient vulnerability CVE-2012-6153

Security Advisory Description http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

4.3CVSS5.8AI score0.05844EPSS
Exploits0
f5
f5
•added 2023/02/21 7:31 p.m.•48 views

K9762: OpenSSL vulnerability - CVE-2008-5077

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5.8CVSS7.7AI score0.05146EPSS
Exploits1
f5
f5
•added 2023/02/21 7:27 p.m.•48 views

K65271605: NTP vulnerability CVE-2016-1549

Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...

6.5CVSS6.5AI score0.03147EPSS
Exploits1Affected Software22
f5
f5
•added 2023/02/21 7:26 p.m.•48 views

K48448204: PHP vulnerability CVE-2016-6207

Security Advisory Description Integer overflow in the gdContributionsAlloc function in gdinterpolation.c in GD Graphics Library aka libgd before 2.2.3 allows remote attackers to cause a denial of service out-of-bounds memory write or memory consumption via unspecified vectors. CVE-2016-6207 Impac...

6.5CVSS8AI score0.06256EPSS
Exploits0
f5
f5
•added 2023/02/21 7:25 p.m.•48 views

K16976: PHP vulnerability CVE-2015-1352

Security Advisory Description The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service. CVE-2015-1352 Impact There is no impact; F5 products are...

5CVSS7.5AI score0.07704EPSS
Exploits1
f5
f5
•added 2023/02/21 7:8 p.m.•48 views

K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions

Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads 10,000 bytes or larger by default to 100, using the maxconcurrentlongrequest internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...

6.5AI score
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:0 p.m.•48 views

K54891070: Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

Security Advisory Description CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc...

5CVSS5.2AI score0.12098EPSS
Exploits2
f5
f5
•added 2023/02/21 7:0 p.m.•48 views

K52259753: Intel Processor vulnerability CVE-2022-26373

Security Advisory Description Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Impact There is no impact; F5 products are not affected by this...

5.5CVSS5.8AI score0.0035EPSS
Exploits0
f5
f5
•added 2023/02/21 6:59 p.m.•48 views

K90011301: libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863

Security Advisory Description CVE-2019-3856 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system...

8.8CVSS7.7AI score0.06131EPSS
Exploits0Affected Software16
f5
f5
•added 2023/02/21 6:55 p.m.•48 views

K13074505: libarchive vulnerability CVE-2016-8687

Security Advisory Description Stack-based buffer overflow in the safefprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVE-2016-8687 Impact For BIG-IP and VIPRION platforms that ar...

7.5CVSS7.8AI score0.05258EPSS
Exploits0Affected Software11
f5
f5
•added 2023/02/21 6:55 p.m.•48 views

K17296065: Apache mod_userdir vulnerability CVE-2016-4975

Security Advisory Description Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...

6.1CVSS6.1AI score0.19798EPSS
Exploits0
f5
f5
•added 2023/02/21 6:54 p.m.•48 views

K23432135: Apache Struts 2 vulnerability CVE-2016-3093

Security Advisory Description Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service block access to a web site via unspecified vectors. CVE-2016-3093 Impact The Object-Graph...

5.3CVSS5.7AI score0.08667EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:54 p.m.•48 views

K92327553: BlueZ and Intel Smart Sound Technology vulnerabilities CVE-2020-0556 and CVE-2020-0583

Security Advisory Description CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0583 Improper access control in the subsystem for Intel...

8.8CVSS6.4AI score0.01033EPSS
Exploits0
f5
f5
•added 2023/02/21 6:53 p.m.•48 views

K54423555: PHP vulnerability CVE-2015-4147

Security Advisory Description The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an...

7.5CVSS8AI score0.12269EPSS
Exploits1
f5
f5
•added 2023/02/21 6:53 p.m.•48 views

K34120074: PostgreSQL vulnerability CVE-2020-1720

Security Advisory Description A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to...

6.5CVSS6.7AI score0.01183EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:52 p.m.•48 views

K17525: NTP vulnerability CVE-2015-7853

Security Advisory Description The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value. CVE-2015-7853 Impact Running a custom refclock driver in...

9.8CVSS7.3AI score0.11781EPSS
Exploits0Affected Software22
f5
f5
•added 2023/02/21 6:52 p.m.•48 views

K16871: logrotate vulnerability CVE-2011-1155

Security Advisory Description The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service rotation outage via a 1 \n newline or 2 \ backslash character in a log filename, as demonstrated by a filename that is...

1.9CVSS6.5AI score0.00387EPSS
Exploits1Affected Software18
f5
f5
•added 2023/02/21 6:50 p.m.•48 views

K5534: Apache mod_proxy message format vulnerability CAN-2004-0700

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS7AI score0.05802EPSS
Exploits0
f5
f5
•added 2023/02/21 6:49 p.m.•48 views

K64928095: Java SE vulnerability CVE-2019-2983

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attack...

4.3CVSS5AI score0.03749EPSS
Exploits0
f5
f5
•added 2023/02/21 6:48 p.m.•48 views

K44318398: Net-SNMP vulnerability CVE-2020-15862

Security Advisory Description Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVE-2020-15862 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

7.8CVSS6.8AI score0.00382EPSS
Exploits0
f5
f5
•added 2023/02/21 6:47 p.m.•48 views

K09413574: OpenSSL vulnerability CVE-2022-1434

Security Advisory Description The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one...

5.9CVSS6.5AI score0.01026EPSS
Exploits0
f5
f5
•added 2023/02/21 6:47 p.m.•48 views

K91327225: Linux sudo process vulnerability CVE-2019-18634

Security Advisory Description In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many othe...

7.8CVSS7.9AI score0.19426EPSS
Exploits13Affected Software1
Total number of security vulnerabilities5000