Lucene search
+L

6417 matches found

f5
f5
•added 2023/02/21 6:53 p.m.•45 views

K41454238: Apache mod_auth_openidc vulnerabilities CVE-2021-32785 CVE-2021-32786 CVE-2021-32792

Security Advisory Description CVE-2021-32785 modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configur...

7.5CVSS6.5AI score0.02731EPSS
Exploits1
f5
f5
•added 2023/02/21 6:53 p.m.•45 views

K10027302: Libsoup vulnerability CVE-2018-12910

Security Advisory Description The getcookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVE-2018-12910 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

9.8CVSS7.6AI score0.04188EPSS
Exploits0
f5
f5
•added 2023/02/21 6:52 p.m.•45 views

K74327432: F5 Container Ingress Services vulnerability CVE-2019-6648

Security Advisory Description If DEBUG logging is enabled, F5 Container Ingress Services CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP system secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

4.4CVSS4.7AI score0.00345EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:52 p.m.•45 views

K70652532: F5 BIG-IP Guided Configuration logging vulnerability CVE-2021-23046

Security Advisory Description When a configuration that contains secure properties is created and deployed from BIG-IP Guided Configuration AGC, secure properties are logged in restnoded logs. CVE-2021-23046 Impact Users with access to restnoded logs may gain access to sensitive information from...

4.9CVSS4.8AI score0.00768EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:50 p.m.•45 views

K16011: Linux kernel vulnerability CVE-2012-6657

Security Advisory Description The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service system crash by leveraging the ability to create a raw...

4.9CVSS7AI score0.0053EPSS
Exploits1Affected Software17
f5
f5
•added 2023/02/21 6:50 p.m.•45 views

K15571: OpenSSL vulnerability CVE-2014-3508

Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...

4.3CVSS6.3AI score0.23292EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 6:47 p.m.•45 views

K31856317: BIG-IP Packet Filters vulnerability CVE-2022-27182

Security Advisory Description When BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-27182 Impact System performance can degrade until the process is either forced t...

5.3CVSS5.4AI score0.0083EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 6:47 p.m.•45 views

K94093538: NGINX Service Mesh control plane vulnerability CVE-2022-27495

Security Advisory Description NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. CVE-2022-27495 Impact An attacker may affect traffic policies, security policies, and other reverse proxy capabilities of NGINX Service Mesh if they've gained access to a Kubernete...

6.5CVSS6.5AI score0.00326EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:47 p.m.•45 views

K48414132: PHP SOAP vulnerability CVE-2015-8835

Security Advisory Description The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and...

9.8CVSS9.3AI score0.06195EPSS
Exploits1
f5
f5
•added 2023/02/21 6:46 p.m.•45 views

K15867: Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667

Security Advisory Description CVE-2012-5195 Heap-based buffer overflow in the Perlrepeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service memory consumption and crash or possibly...

7.5CVSS9.3AI score0.62202EPSS
Exploits14Affected Software21
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K51317292: glibc vulnerability CVE-2020-1751

Security Advisory Description An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential...

7CVSS7.6AI score0.00537EPSS
Exploits0
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K12254802: Apache httpd HTTP/2 vulnerability CVE-2016-1546

Security Advisory Description The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control...

5.9CVSS6.3AI score0.15327EPSS
Exploits0
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K38336243: Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712

Security Advisory Description CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file. CVE-2018-20651 A NULL pointer dereference was discovered in elflinkaddobjectsymbols i...

6.5CVSS5.9AI score0.02685EPSS
Exploits3
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K25244852: BIND vulnerability CVE-2018-5745

Security Advisory Description "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses...

4.9CVSS6.7AI score0.02264EPSS
Exploits0
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K81952114: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-26415

Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. CVE-2022-26415 Impact In Appliance mode, an authenticated user with valid user...

9.1CVSS8.7AI score0.00691EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 6:35 p.m.•45 views

K26422113: libxml2 vulnerability CVE-2016-1839

Security Advisory Description The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS6.8AI score0.07347EPSS
Exploits2Affected Software15
f5
f5
•added 2023/02/21 6:34 p.m.•45 views

K40778012: Intel CPU vulnerability CVE-2021-0127

Security Advisory Description Insufficient control flow management in some IntelR Processors may allow an authenticated user to potentially enable a denial of service via local access. CVE-2021-0127 Impact An authenticated attacker may exploit the Intel processor firmware to cause a denial of...

5.5CVSS6.3AI score0.00299EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 6:34 p.m.•45 views

K30525503: BIG-IP APM Edge Client proxy vulnerability CVE-2022-23032

Security Advisory Description When proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. CVE-2022-23032 Impact DNS rebinding allows external attackers to bypass the same-origin...

5.3CVSS5.5AI score0.00404EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 6:34 p.m.•45 views

K44834280: Multiple Treck vulnerabilities CVE-2020-25066, CVE-2020-27336, CVE-2020-27337, and CVE-2020-27338

Security Advisory Description CVE-2020-25066 A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service crash/reset or to possibly execute arbitrary code. CVE-2020-27336 An issue was discovered in Treck IPv6 before 6.0.1.68...

10CVSS7.4AI score0.03348EPSS
Exploits0
f5
f5
•added 2023/02/21 6:34 p.m.•45 views

K65481741: Java SE vulnerability CVE-2018-3139

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS5.1AI score0.05243EPSS
Exploits0
f5
f5
•added 2023/02/21 6:33 p.m.•45 views

K48373922: Apache vulnerablilty CVE-2018-8011

Security Advisory Description By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33. CVE-2018-8011 Impact There is no impac...

7.5CVSS6.4AI score0.51714EPSS
Exploits0
f5
f5
•added 2023/02/21 6:33 p.m.•45 views

K04713734: BIND vulnerability CVE-2018-5741

Security Advisory Description To provide fine-grained controls over the ability to use Dynamic DNS DDNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the ke...

6.5CVSS6.8AI score0.03451EPSS
Exploits0
f5
f5
•added 2023/02/21 6:33 p.m.•45 views

K62700573: Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842

Security Advisory Description CVE-2010-5313 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service L1 guest OS crash via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842...

4.9CVSS6.3AI score0.00374EPSS
Exploits0Affected Software14
f5
f5
•added 2023/02/21 6:33 p.m.•45 views

K11414891: Linux Kernel vulnerability CVE-2018-13053

Security Advisory Description The alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktimeaddsafe is not used. CVE-2018-13053 Impact There is no impact; F5 products are not affected by this...

3.3CVSS6.1AI score0.00513EPSS
Exploits0
f5
f5
•added 2023/02/21 6:29 p.m.•45 views

K15316: PHP vulnerability CVE-2013-4635

Security Advisory Description Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...

5CVSS9.2AI score0.0423EPSS
Exploits0
f5
f5
•added 2023/02/21 6:29 p.m.•45 views

K15879: SOAP parser vulnerability CVE-2013-1824

Security Advisory Description The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the...

4.3CVSS9.3AI score0.04314EPSS
Exploits1Affected Software17
f5
f5
•added 2023/02/21 6:27 p.m.•45 views

K82644737: NTP vulnerability CVE-2016-4954

Security Advisory Description The processpacket function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service peer-variable modification by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an...

7.5CVSS6.4AI score0.13208EPSS
Exploits0Affected Software24
f5
f5
•added 2023/02/21 6:18 p.m.•45 views

K17232507: OpenSSL vulnerability CVE-2016-0798

Security Advisory Description Memory leak in the SRPVBASEgetbyuser implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service memory consumption by providing an invalid username in a connection attempt, related to apps/sserver.c and...

7.8CVSS8.4AI score0.24409EPSS
Exploits1
f5
f5
•added 2023/02/21 6:15 p.m.•45 views

K50899356: file vulnerability CVE-2018-10360

Security Advisory Description The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360 Impact This vulnerability may allow a remote attacker to cause a...

6.5CVSS6.2AI score0.0341EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:9 p.m.•45 views

K32262483: NTP vulnerability CVE-2017-6451

Security Advisory Description The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an...

7.8CVSS8.3AI score0.00481EPSS
Exploits0Affected Software23
f5
f5
•added 2023/02/21 6:9 p.m.•45 views

K13719: Samba vulnerability CVE-2012-1182

Security Advisory Description The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code ...

10CVSS9.2AI score0.74034EPSS
Exploits9
f5
f5
•added 2023/02/21 6:8 p.m.•45 views

K16743: MIT Kerberos 5 vulnerability CVE-2014-5355

Security Advisory Description MIT Kerberos 5 aka krb5 through 1.13.1 incorrectly expects that a krb5readmessage data field is represented as a string ending with a '\0' character, which allows remote attackers to 1 cause a denial of service NULL pointer dereference via a zero-byte version string ...

5CVSS7.2AI score0.04587EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:7 p.m.•45 views

K68499208: Linux kernel vulnerability CVE-2017-18204

Security Advisory Description The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests. CVE-2017-18204 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

5.5CVSS5.4AI score0.00443EPSS
Exploits0
f5
f5
•added 2023/02/07 12:56 a.m.•45 views

K000132425: Linux kernel vulnerability CVE-2023-0179

Security Advisory Description A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. CVE-2023-017...

7.8CVSS7.5AI score0.01944EPSS
Exploits5
f5
f5
•added 2023/02/03 7:31 p.m.•45 views

K000132404: OpenJDK vulnerability CVE-2023-21830

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily...

5.3CVSS5.2AI score0.01058EPSS
Exploits0
f5
f5
•added 2016/10/19 12:0 a.m.•45 views

SOL24923910 - LibTIFF vulnerability CVE-2016-3632

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8CVSS2AI score0.03123EPSS
Exploits0References4
f5
f5
•added 2016/08/10 12:0 a.m.•45 views

SOL55248799 - phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.5AI score0.1167EPSS
Exploits4References4
f5
f5
•added 2016/08/08 12:0 a.m.•45 views

SOL41233508 - bzip2 vulnerability CVE-2016-3189

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.5CVSS2.7AI score0.15831EPSS
Exploits0References4
f5
f5
•added 2016/07/15 12:0 a.m.•45 views

SOL30905674 - Linux kernel vulnerability CVE-2014-9904

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.8CVSS2.5AI score0.00384EPSS
Exploits0References4
f5
f5
•added 2016/06/21 12:0 a.m.•45 views

SOL08206127 - PHP vulnerability CVE-2016-4072

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.5AI score0.05932EPSS
Exploits0References4
f5
f5
•added 2016/06/20 12:0 a.m.•45 views

SOL05405841 - GCM nonce vulnerability CVE-2016-0270

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5.9CVSS2.8AI score0.03099EPSS
Exploits0References4
f5
f5
•added 2016/06/07 12:0 a.m.•45 views

SOL37236006 - SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS0.5AI score0.04852EPSS
Exploits0References3
f5
f5
•added 2016/04/08 12:0 a.m.•45 views

SOL21921812 - Quagga vulnerability CVE-2016-2342

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

8.1CVSS2.9AI score0.1211EPSS
Exploits0References4
f5
f5
•added 2016/03/07 12:0 a.m.•45 views

SOL81903701 - Libpng vulnerability CVE-2015-8472

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.2AI score0.10339EPSS
Exploits0References11
f5
f5
•added 2016/01/12 12:0 a.m.•45 views

SOL25901386 - GRUB2 vulnerability CVE-2015-8370

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.4CVSS1.7AI score0.01104EPSS
Exploits1References9
f5
f5
•added 2015/11/02 12:0 a.m.•45 views

SOL17528 - NTP vulnerability CVE-2015-7850

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.5CVSS1.6AI score0.04973EPSS
Exploits0References5
f5
f5
•added 2015/10/28 12:0 a.m.•45 views

SOL17461 - OpenSSH vulnerability CVE-2015-5352

Recommended Action 1By default, the vulnerable code is not enabled and is not used by the affected BIG-IP, BIG-IQ, and Enterprise Manager versions. In a standard/default configuration, the vulnerability is not exposed. If you are running a version listed in the Versions known to be vulnerable...

4.3CVSS1.4AI score0.05445EPSS
Exploits0References5
f5
f5
•added 2015/09/08 12:0 a.m.•45 views

SOL17200 - PHP vulnerability CVE-2015-2783

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

5.8CVSS1AI score0.10879EPSS
Exploits1References4
f5
f5
•added 2015/08/12 12:0 a.m.•45 views

SOL17118 - Linux kernel vulnerability CVE-2015-2042

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

4.6CVSS2.2AI score0.00449EPSS
Exploits0References2
f5
f5
•added 2015/07/02 12:0 a.m.•45 views

SOL16845 - MySQL vulnerability CVE-2015-3152

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5.9CVSS1.5AI score0.07083EPSS
Exploits1References4
Total number of security vulnerabilities5000