Lucene search
K

6364 matches found

F5 Networks
F5 Networks
•added 2014/12/23 12:0 a.m.•47 views

SOL15931 - Unbound vulnerability CVE-2014-8602

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

4.3CVSS0.2AI score0.25205EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2014/11/27 12:0 a.m.•47 views

SOL15875 - cURL vulnerability CVE-2013-1944

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

5CVSS2.1AI score0.04986EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2014/10/23 12:0 a.m.•47 views

SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.4AI score0.14784EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/10/06 12:0 a.m.•47 views

SOL15637 - GnuTLS vulnerability CVE-2013-2116

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.8AI score0.35584EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/09/18 12:0 a.m.•47 views

SOL15604 - Multiple rsync vulnerabilities

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL167: Downloading software and firmware fro...

10CVSS4.2AI score0.05442EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/07/17 12:0 a.m.•47 views

SOL15423 - GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Vulnerability Recommended Actions ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exist...

7.5CVSS1.6AI score0.068EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/07/10 12:0 a.m.•47 views

SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.7AI score0.08941EPSS
Exploits2References4
F5 Networks
F5 Networks
•added 2013/05/01 12:0 a.m.•47 views

SOL14386 - BIND vulnerability CVE-2013-2266

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the table. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to...

7.8CVSS3.8AI score0.42851EPSS
Exploits1References7
F5 Networks
F5 Networks
•added 2011/02/28 12:0 a.m.•47 views

SOL12650 - PHP vulnerability CVE-2010-4645

The strtod.c function may allow context-dependent attackers to cause a denial-of-service via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. Information about this advisory is available at the following location: Note: The previous link...

5CVSS8.8AI score0.15103EPSS
Exploits1
F5 Networks
F5 Networks
•added 2009/04/05 12:0 a.m.•47 views

SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308

Description The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...

2.6CVSS7.3AI score0.03914EPSS
Exploits2
F5 Networks
F5 Networks
•added 2008/06/30 12:0 a.m.•47 views

SOL8920 - Linux kernel vulnerability CVE-2007-2876

A flaw in the connection tracking support for SCTP allows a remote user to cause a denial of service by dereferencing a NULL pointer. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the...

6.1CVSS7.2AI score0.01395EPSS
Exploits0
F5 Networks
F5 Networks
•added 2008/06/30 12:0 a.m.•47 views

SOL8921 - Linux kernel vulnerability CVE-2007-3740

A flaw in the CIFS filesystem could cause the umask values of a process to not be honored. Information about this advisory is available at the following location:...

4.4CVSS5.6AI score0.0038EPSS
Exploits0
F5 Networks
F5 Networks
•added 2007/05/16 12:0 a.m.•47 views

SOL6795 - ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access using the ClamAV open source software. A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process using a specially crafted...

5CVSS5.7AI score0.10471EPSS
Exploits0
F5 Networks
F5 Networks
•added 2005/07/20 12:0 a.m.•47 views

SOL4441 - BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469

Was this resource helpful in solving your issue? Yes - this resource was helpful No - this resource was not helpful I don‘t know yet NOTE: Please do not provide personal information. Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:...

7.5CVSS1.6AI score0.27073EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/05/07 1:44 p.m.•46 views

K000151008: Quarterly Security Notification (May 2025)

Security Advisory Description On May 7, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch th...

9.2CVSS9.6AI score0.26055EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/10/28 12:26 a.m.•46 views

K000148278: Spring framework CVE-2024-38820 vulnerability

Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...

5.3CVSS6.5AI score0.00631EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/08/14 1:12 p.m.•46 views

K000138833: BIG-IP TMM vulnerability CVE-2024-41727

Security Advisory Description In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition VEs using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. CVE-2024-41727 Impact System performance can degrade until the Traffic...

8.7CVSS6.8AI score0.00481EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2024/07/05 7:2 p.m.•46 views

K000140257: OpenSSL vulnerability CVE-2024-4741

Security Advisory Description Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or...

7.5CVSS8AI score0.02945EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2024/05/08 12:55 p.m.•46 views

K000139012: BIG-IP Next Central Manager vulnerability CVE-2024-33612

Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. CVE-2024-33612...

6.8CVSS6.3AI score0.00233EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2024/04/29 2:37 a.m.•46 views

K000139429: Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098

Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3....

3.7CVSS4.1AI score0.00564EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/03/20 5:6 a.m.•46 views

K000138953: Python vulnerability CVE-2023-41105

Security Advisory Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for...

7.5CVSS8.4AI score0.02187EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/02/23 6:16 p.m.•46 views

K000138695: OpenSSL vulnerability CVE-2024-0727

Security Advisory Description Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12...

5.5CVSS7.1AI score0.03174EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2024/02/14 1:36 p.m.•46 views

K000137796: BIG-IP SSL profile security exposure

Security Advisory Description The BIG-IP system may not honor the revocation status of a certificate present in the certificate revocation list CRL file, potentially allowing unauthorized connections. This issue occurs when all of the following conditions are met: A ClientSSL or ServerSSL profile...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2024/02/13 7:5 p.m.•46 views

K000138600: Python vulnerability CVE-2023-43804

Security Advisory Description urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie heade...

8.1CVSS6.9AI score0.01207EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/10/23 9:42 p.m.•46 views

K000137330: Node.JS vulnerabilities CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, and CVE-2023-3933

Security Advisory Description CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check...

9.8CVSS6.5AI score0.01819EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/10/02 8:54 p.m.•46 views

K000137093: Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116

Security Advisory Description CVE-2018-7167 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instea...

7.5CVSS7.4AI score0.08028EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/09/29 4:49 p.m.•46 views

K000137054: libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

Security Advisory Description CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-5129 REJECTED This CVE I...

8.8CVSS7.4AI score0.99735EPSS
Exploits9
F5 Networks
F5 Networks
•added 2023/06/20 7:23 p.m.•46 views

K000135122: Linux kernel vulnerability CVE-2023-0461

Security Advisory Description There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any...

7.8CVSS7.1AI score0.00652EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•46 views

K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

9.4CVSS8.1AI score0.01404EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•46 views

K93960557: Linux kernel vulnerability CVE-2018-5953

Security Advisory Description The swiotlbprintinfo function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. CVE-2018-5953 Impact There is no impact; F5 products are not...

5.5CVSS5.7AI score0.00401EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•46 views

K75910138: Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150

Security Advisory Description CVE-2011-1521 The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service...

6.4CVSS7AI score0.0562EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•46 views

K15262: Apache Struts vulnerability CVE-2014-0113

Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...

7.5CVSS8.2AI score0.78451EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•46 views

K17126: Apache Struts vulnerability CVE-2014-7809

Security Advisory Description Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism. CVE-2014-7809 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

6.8CVSS7.1AI score0.03486EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•46 views

K14631834: NGINX Controller vulnerability CVE-2020-5863

Security Advisory Description In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...

8.6CVSS8.4AI score0.01122EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•46 views

K05032915: GNU Binutils vulnerability CVE-2019-1010204

Security Advisory Description GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vect...

5.5CVSS6.5AI score0.01115EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•46 views

K26310765: HTTP/2 profile vulnerability CVE-2022-23012

Security Advisory Description When the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23012 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticate...

7.5CVSS7.5AI score0.0092EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•46 views

K43798238: OpenSSL vulnerability CVE-2019-1551

Security Advisory Description There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be ver...

5.3CVSS6.4AI score0.14298EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•46 views

K88511840: QEMU vulnerability CVE-2015-8345

Security Advisory Description The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service application crash and infinite loop via vectors involving the command block list. CVE-2015-8345 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.9AI score0.00393EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•46 views

K82224417: Linux kernel vulnerability CVE-2017-7308

Security Advisory Description The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service overflow or possibly have unspecified other impact via crafted system call...

7.8CVSS6.8AI score0.17827EPSS
Exploits17
F5 Networks
F5 Networks
•added 2023/02/21 7:46 p.m.•46 views

K9109: Apache Tomcat cross-site scripting vulnerability CVE-2008-1947

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

4.3CVSS4.5AI score0.09776EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:45 p.m.•46 views

K15260: Apache Struts vulnerability CVE-2014-0094

Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...

5CVSS9.3AI score0.99614EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:42 p.m.•46 views

K14739: OpenSSH vulnerability CVE-2008-3234

Security Advisory Description sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username. CVE-2008-3234 Impact None. No F...

6.5CVSS9.1AI score0.05773EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•46 views

K61570943: Multiple libXML2 vulnerabilities

Security Advisory Description CVE-2015-5312 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability...

7.1CVSS8.2AI score0.0721EPSS
Exploits2Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:35 p.m.•46 views

K8578: Security Advisory: BIND buffer overflow in inet_network CVE-2008-0122

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.6AI score0.123EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•46 views

K65271605: NTP vulnerability CVE-2016-1549

Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...

6.5CVSS6.5AI score0.03147EPSS
Exploits1Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•46 views

K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions

Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads 10,000 bytes or larger by default to 100, using the maxconcurrentlongrequest internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...

6.5AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•46 views

K71581599: libgd vulnerability CVE-2016-6161

Security Advisory Description The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 Impact When using PHP to generate GIF images, it is possible for a specially crafted GD2...

6.5CVSS6.8AI score0.02772EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•46 views

K51494034: Intel NUC BIOS firmware vulnerability CVE-2021-33164

Security Advisory Description Improper access control in BIOS firmware for some IntelR NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33164 Impact There is no impact; F5 products are not affected by this...

8.2CVSS6.6AI score0.00193EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•46 views

K49921213: glibc vulnerability CVE-2020-1752

Security Advisory Description A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit thi...

7CVSS7.5AI score0.00535EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•46 views

K51444934: NTP vulnerability CVE-2016-7426

Security Advisory Description NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service prevent responses from the sources by sending responses with a spoofed source...

7.5CVSS6.4AI score0.12367EPSS
Exploits0Affected Software12
Total number of security vulnerabilities5000