Lucene search
K

6413 matches found

F5 Networks
F5 Networks
added 2016/01/28 12:0 a.m.47 views

SOL72225092 - Linux kernel vulnerability CVE-2015-8746

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.5AI score0.03103EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2016/01/05 12:0 a.m.47 views

SOL13405416 - QEMU vulnerability CVE-2012-3515

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.2CVSS2.2AI score0.00528EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/11/02 12:0 a.m.47 views

SOL17521 - NTP vulnerability CVE-2015-7849

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not lis...

8.8CVSS0.2AI score0.16848EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/09/09 12:0 a.m.47 views

SOL17251 - Apache vulnerability CVE-2015-3183

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS0.9AI score0.73327EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2015/09/08 12:0 a.m.47 views

SOL17239 - Linux kernel vulnerability CVE-2014-9529

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

6.9CVSS0.8AI score0.00336EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/07/01 12:0 a.m.47 views

SOL16840 - SSH vulnerability CVE-1999-1085

OpenSSH supports the use of the SSH1 protocol; however, it is not enabled in default configurations. SSH1 can only be enabled by manually editing the OpenSSH configuration file. Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles...

5CVSS0.6AI score0.03211EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2015/04/21 12:0 a.m.47 views

SOL16476 - NET-SNMP vulnerability CVE-2012-6151

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.3CVSS2.5AI score0.09451EPSS
Exploits1References10
F5 Networks
F5 Networks
added 2015/04/15 12:0 a.m.47 views

SOL16441 - MIT Kerberos 5 vulnerability CVE-2014-9423

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

5CVSS3.4AI score0.0389EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/04/02 12:0 a.m.47 views

SOL16341 - Linux kernel Controller Area Network (CAN) vulnerability CVE-2010-2959

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

7.2CVSS2.1AI score0.03746EPSS
Exploits6References2
F5 Networks
F5 Networks
added 2015/02/12 12:0 a.m.47 views

SOL16117 - Multiple libvirt vulnerabilities

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL4602: Overview of the F5 security vulnerability response policy SOL9957: Creating a custom RSS feed to view new and updated documents SOL4918: Overview of the F5 critical issue...

7.2CVSS2.4AI score0.02791EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2014/12/04 12:0 a.m.47 views

SOL15872 - libxml2 vulnerability CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of nested entity references, a...

5CVSS5.9AI score0.03988EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2014/12/01 12:0 a.m.47 views

SOL15876 - PHP vulnerability CVE-2013-2110

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5CVSS0.5AI score0.06748EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2014/12/01 12:0 a.m.47 views

SOL15879 - SOAP parser vulnerability CVE-2013-1824

Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are therefore not exploitable. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate thi...

4.3CVSS1.7AI score0.04314EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2014/11/27 12:0 a.m.47 views

SOL15881 - Libpng vulnerability CVE-2011-3048

The noted versions contain vulnerable code, but do not parse PNG images by default, and are therefore not vulnerable. Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version...

6.8CVSS1.9AI score0.06593EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2014/11/27 12:0 a.m.47 views

SOL15875 - cURL vulnerability CVE-2013-1944

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

5CVSS2.1AI score0.04986EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2014/11/25 12:0 a.m.47 views

SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139

Recommended Action BIG-IP, BIG-IQ, and Enterprise Manager If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candida...

6.4CVSS1.3AI score0.05599EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2014/10/06 12:0 a.m.47 views

SOL15637 - GnuTLS vulnerability CVE-2013-2116

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.8AI score0.35584EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2014/09/29 12:0 a.m.47 views

SOL15635 - PHP 5.x vulnerability - CVE-2012-1171

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

5CVSS1.4AI score0.02812EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2014/07/17 12:0 a.m.47 views

SOL15423 - GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Vulnerability Recommended Actions ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exist...

7.5CVSS1.6AI score0.068EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2014/07/10 12:0 a.m.47 views

SOL15399 - Usermin remote vulnerability CVE-2014-3883

The vulnerability described in this article has been resolved, or does not affect any F5 products. There will be no further updates, unless new information is discovered...

6.8CVSS2.3AI score0.01295EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2014/04/10 12:0 a.m.47 views

SOL15160 - GnuTLS vulnerability CVE-2014-0092

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. For affected ARX...

5.8CVSS2.3AI score0.29958EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2014/04/10 12:0 a.m.47 views

SOL15156 - OpenSSH vulnerability CVE-2009-2904

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custo...

6.9CVSS2.9AI score0.00318EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2014/04/07 12:0 a.m.47 views

SOL15150 - cURL and libcurl vulnerability CVE-2013-4545

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

4.3CVSS3.3AI score0.03076EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2011/05/13 12:0 a.m.47 views

SOL12851 - BIND vulnerability CVE-2010-3613

This security advisory describes a BIND vulnerability. For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location: Note: The following link will take you to a resource outside of AskF5, and it is possible that the document may be remov...

4CVSS8.6AI score0.091EPSS
Exploits0
F5 Networks
F5 Networks
added 2009/02/24 12:0 a.m.47 views

SOL9754 - BIND 9 vulnerability CVE-2009-0025

BIND does not properly check the return value from the OpenSSL DSAverify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. Information about this advisory is available at the following location: Note: The previous link takes y...

7.5CVSS7.3AI score0.0686EPSS
Exploits1
F5 Networks
F5 Networks
added 2008/09/01 12:0 a.m.47 views

SOL9109 - Apache Tomcat cross-site scripting vulnerability CVE-2008-1947

Cross-site scripting XSS vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through the name parameter the hostname attribute to host-manager/html/add. Information about this advisory is available at the...

4.3CVSS6.6AI score0.09776EPSS
Exploits2
F5 Networks
F5 Networks
added 2008/02/14 12:0 a.m.47 views

SOL8425 - Linux Kernel Vulnerability - CVE-2008-0600

CVE-2008-0600 - Linux Kernel Multiple Memory Access Vulnerabilities. The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges through crafted arguments in a vmsplice syste...

7.2CVSS5.6AI score0.0354EPSS
Exploits3
F5 Networks
F5 Networks
added 2006/10/06 12:0 a.m.47 views

SOL2593 - Buffer overflow in zlib - CAN-2003-0107

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks securi...

7.5CVSS2.2AI score0.2554EPSS
Exploits1
F5 Networks
F5 Networks
added 2024/11/08 9:15 p.m.46 views

K000148467: MySQL vulnerabilities CVE-2024-21262 and CVE-2024-21272

Security Advisory Description CVE-2024-21262 Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/ODBC. Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

7.5CVSS7.6AI score0.00547EPSS
Exploits1
F5 Networks
F5 Networks
added 2024/05/08 12:51 p.m.46 views

K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...

7.5CVSS9.9AI score0.07163EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/05/03 7:9 p.m.46 views

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

5.9CVSS5.7AI score0.00415EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/04/30 7:7 a.m.46 views

K000139446: Oracle Java vulnerability CVE-2024-21005

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerabili...

3.1CVSS5.8AI score0.00853EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/02/16 11:2 p.m.46 views

K000138641: cURL vulnerability CVE-2023-46219

Security Advisory Description When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. CVE-2023-46219 Impact An attacker with a network position that allows the...

5.3CVSS7AI score0.01133EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
added 2023/10/23 9:42 p.m.46 views

K000137330: Node.JS vulnerabilities CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, and CVE-2023-3933

Security Advisory Description CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check...

9.8CVSS6.5AI score0.01819EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/10/02 8:54 p.m.46 views

K000137093: Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116

Security Advisory Description CVE-2018-7167 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instea...

7.5CVSS7.4AI score0.08028EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/07/27 5:24 p.m.46 views

K000135632: AMD Ryzen vulnerability CVE-2023-20593

Security Advisory Description An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 also known as Zen Bleed Vulnerability Impact There is no impact; F5 products are not affected by this...

5.5CVSS7.1AI score0.05794EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/05/23 6:48 p.m.46 views

K000134747: PHP vulnerability CVE-2023-0568

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being...

8.1CVSS7.2AI score0.01242EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
added 2023/04/18 3:57 p.m.46 views

K000133547: Python urllib3 vulnerability CVE-2020-26137

Security Advisory Description urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116. CVE-2020-26137 Impact An attacker may...

8.2AI score
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.46 views

K93960557: Linux kernel vulnerability CVE-2018-5953

Security Advisory Description The swiotlbprintinfo function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. CVE-2018-5953 Impact There is no impact; F5 products are not...

5.5CVSS5.7AI score0.00401EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.46 views

K20224417: OCSP responder vulnerability CVE-2018-8019

Security Advisory Description When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with...

7.4CVSS6.6AI score0.04068EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.46 views

K14631834: NGINX Controller vulnerability CVE-2020-5863

Security Advisory Description In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...

8.6CVSS8.4AI score0.01122EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.46 views

K43798238: OpenSSL vulnerability CVE-2019-1551

Security Advisory Description There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be ver...

5.3CVSS6.4AI score0.14298EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.46 views

K41738501: Mozilla NSS vulnerability CVE-2018-12384

Security Advisory Description When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not...

5.9CVSS6AI score0.01496EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.46 views

K40264570: Java SE vulnerabilities CVE-2019-2987, CVE-2019-2988, and CVE-2019-2992

Security Advisory Description CVE-2019-2987 Vulnerability in the Java SE product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.3CVSS5AI score0.03467EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.46 views

K62103028: Multiple Java vulnerabilities CVE-2020-2583, CVE-2020-2590, CVE-2020-2593

Security Advisory Description CVE-2020-2583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...

5.8CVSS5.5AI score0.0404EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.46 views

K88511840: QEMU vulnerability CVE-2015-8345

Security Advisory Description The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service application crash and infinite loop via vectors involving the command block list. CVE-2015-8345 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.9AI score0.00393EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.46 views

K82224417: Linux kernel vulnerability CVE-2017-7308

Security Advisory Description The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service overflow or possibly have unspecified other impact via crafted system call...

7.8CVSS6.8AI score0.17827EPSS
Exploits17
F5 Networks
F5 Networks
added 2023/02/21 7:50 p.m.46 views

K13277: Apache vulnerability CVE-2009-2412

Security Advisory Description Multiple integer overflows in the Apache Portable Runtime APR library and the Apache Portable Utility library aka APR-util 0.9.x and 1.3.x allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code by way of vectors that...

9.1AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:49 p.m.46 views

K9988: libpng vulnerability CVE-2009-0040

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.8CVSS9.4AI score0.04825EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 7:49 p.m.46 views

K5716: Authentication bypass in PAM LDAP module - CAN-2005-2641

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.7AI score0.03645EPSS
Exploits0
Total number of security vulnerabilities5000