Lucene search
K

6413 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.43 views

K42065024: PHP vulnerability CVE-2016-4070

Security Advisory Description DISPUTED Integer overflow in the phprawurlencode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service application crash via a long string to the rawurlencode function. NOTE...

7.5CVSS8.6AI score0.05719EPSS
Exploits1Affected Software21
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.43 views

K12487579: Apache vulnerabilities CVE-2018-1282, CVE-2018-1284, CVE-2018-1295, CVE-2018-1308, and CVE-2018-1315

Security Advisory Description CVE-2018-1282 This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. CVE-2018-1284 In Apache Hive 0.6.0 to 2.3.2,...

9.8CVSS6.6AI score0.20937EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.43 views

K06725231: Wireshark vulnerability CVE-2019-12295

Security Advisory Description In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. CVE-2019-12295 Impact An attacker can leverage this issue...

7.5CVSS7.4AI score0.03765EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.43 views

K09405555: MySQL vulnerabilities CVE-2017-10155, CVE-2017-10165, CVE-2017-10167, CVE-2017-10227, and CVE-2017-10268

Security Advisory Description CVE-2017-10155 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with...

7.5CVSS6.4AI score0.04291EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.43 views

K45139744: ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804

Security Advisory Description CVE-2017-1000476 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-11166 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a...

7.5CVSS6.2AI score0.02938EPSS
Exploits4
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.43 views

K57454331: Linux Kernel vulnerability CVE-2018-10853

Security Advisory Description A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw t...

7.8CVSS7.1AI score0.0047EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.43 views

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

8.1CVSS9.1AI score0.12367EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.43 views

K15547: MIT Kerberos 5 vulnerability CVE-2014-4342

Security Advisory Description MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4342 Impact A...

5CVSS8.5AI score0.06523EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
added 2023/02/21 6:27 p.m.43 views

K73459626: Linux kernel vulnerability CVE-2021-3506

Security Advisory Description An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of...

7.1CVSS6.1AI score0.00366EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:26 p.m.43 views

K16302: OpenSSL vulnerability CVE-2015-0292

Security Advisory Description Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly...

7.5CVSS7.5AI score0.44503EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
added 2023/02/21 6:19 p.m.43 views

K16704: cURL and libcurl vulnerability CVE-2015-3143

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 Impact Remote attackers may be able to reuse NTLM...

5CVSS6.7AI score0.16222EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
added 2023/02/21 6:11 p.m.43 views

K16714: PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331

Security Advisory Description CVE-2015-2301 Use-after-free vulnerability in the pharrenamearchive function in pharobject.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempt...

7.5CVSS9.1AI score0.27692EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.43 views

K12851: BIND vulnerability CVE-2010-3613

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

4CVSS7.3AI score0.091EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.43 views

K84602160: Linux kernel vulnerability CVE-2021-3491

Security Advisory Description The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memrw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code...

8.8CVSS6.8AI score0.00629EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:3 p.m.43 views

K40524634: OpenSSL vulnerability CVE-2016-0797

Security Advisory Description Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service heap memory corruption or NULL pointer dereference or possibly have unspecified other impact via a long digit string that is mishandl...

7.5CVSS8.5AI score0.27022EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 5:38 p.m.43 views

K14340611: Java vulnerability CVE-2013-5782

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality,...

10CVSS7.3AI score0.06295EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
added 2023/02/21 5:28 p.m.43 views

K13405416: QEMU vulnerability CVE-2012-3515

Security Advisory Description Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space...

7.2CVSS8.4AI score0.00528EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
added 2023/01/26 9:45 p.m.43 views

K000132267: BIND vulnerability CVE-2022-3736

Security Advisory Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10,...

7.5CVSS7.6AI score0.5017EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/01/04 12:54 a.m.43 views

K34035645: Multiple Wireshark vulnerabilities

Security Advisory Description CVE-2018-7320 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVE-2018-7321 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,...

7.5CVSS7.2AI score0.02743EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/01/03 8:53 p.m.43 views

K74114570: BIG-IP APM webtop vulnerability CVE-2018-15334

A cross-site request forgery CSRF vulnerability in the APM webtop, may allow attacker to force an APM webtop session to log out and require re-authentication. CVE-2018-15334 Impact A remote attacker may be able to force a BIG-IP APM webtop session to log out and require reauthentication. Security...

4.3CVSS4.9AI score0.00734EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2022/12/31 2:52 a.m.43 views

K48351130: Linux kernel vulnerability CVE-2019-16714

Security Advisory Description In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. CVE-2019-16714 Impact This vulnerability may allow attackers to obtain...

7.5CVSS7.5AI score0.02701EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2016/09/20 12:0 a.m.43 views

SOL10280318 - Zend Framework vulnerability CVE-2016-6233

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.4AI score0.02047EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2016/08/05 12:0 a.m.43 views

SOL06493172 - glibc vulnerability CVE-2016-3706

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.4AI score0.05926EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2016/06/01 12:0 a.m.43 views

SOL33285044 - Oracle Java SE vulnerability CVE-2016-0695

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.5AI score0.03397EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2016/05/17 12:0 a.m.43 views

SOL53313971 - Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.9AI score0.10232EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2016/05/10 12:0 a.m.43 views

SOL47133310 - Samba vulnerability CVE-2016-2112

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS1.1AI score0.09345EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2016/04/26 12:0 a.m.43 views

SOL23822215 - glibc calloc vulnerability CVE-2015-5229

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.2AI score0.02238EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2016/02/29 12:0 a.m.43 views

SOL93445609 - phpMyAdmin vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.6AI score0.02688EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/12/03 12:0 a.m.43 views

SOL90230486 - Linux kernel vulnerability CVE-2015-7613

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.9CVSS1.1AI score0.00412EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2015/11/30 12:0 a.m.43 views

SOL66871452 - PowerDNS vulnerability CVE-2015-5311

PowerDNS aka pdns Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service assertion failure and server crash via crafted query packets. CVE-2015-5311...

5CVSS5.9AI score0.67456EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/10/16 12:0 a.m.43 views

SOL17453 - Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.7AI score0.12841EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/07/02 12:0 a.m.43 views

SOL16878 - PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

4.6CVSS0.7AI score0.00696EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2015/07/02 12:0 a.m.43 views

SOL16875 - file vulnerability CVE-2012-1571

file before 5.11 and libmagic allow remote attackers to cause a denial of service crash via a crafted Composite Document File CDF file that triggers 1 an out-of-bounds read or 2 an invalid pointer dereference. CVE-2012-1571...

4.3CVSS7.1AI score0.04117EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2015/05/11 12:0 a.m.43 views

SOL16596 - Privilege escalation vulnerability CVE-2014-3215

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.9CVSS1.3AI score0.00357EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2015/04/01 12:0 a.m.43 views

SOL16342 - GNU C Library (glibc) vulnerability CVE-2012-6656

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5CVSS1.8AI score0.03439EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2015/01/26 12:0 a.m.43 views

SOL16025 - Linux kernel SCTP vulnerability CVE-2014-3688

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS1.3AI score0.0585EPSS
Exploits1References6
F5 Networks
F5 Networks
added 2014/09/05 12:0 a.m.43 views

SOL15567 - OpenSSL vulnerability CVE-2014-5139

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

4.3CVSS1.8AI score0.19997EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2014/09/04 12:0 a.m.43 views

SOL15553 - Kerberos vulnerability CVE-2014-4343

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.6CVSS1.4AI score0.06419EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2014/08/13 12:0 a.m.43 views

SOL15461 - OpenSSL vulnerability CVE-2011-4619

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Note: SGC...

5CVSS1.3AI score0.16645EPSS
Exploits0References8
F5 Networks
F5 Networks
added 2014/07/17 12:0 a.m.43 views

SOL15427 - OpenSSL vulnerability CVE-2011-4354

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

5.8CVSS3.8AI score0.04044EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2014/06/19 12:0 a.m.43 views

SOL15345 - GnuTLS vulnerability CVE-2014-3466

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.8CVSS2.8AI score0.11221EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2013/01/21 12:0 a.m.43 views

SOL14138 - XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column. Acknowledgements F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the...

4CVSS2.9AI score0.06443EPSS
Exploits2References7
F5 Networks
F5 Networks
added 2008/02/06 12:0 a.m.43 views

SOL8406 - The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539

The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report function. The vulnerability is within the BIG-IP ASM portion of the Configuration utility and can be accessed successfully only if the browser user is authenticated and the BIG-IP ASM...

4.3CVSS0.1AI score0.07213EPSS
Exploits1
F5 Networks
F5 Networks
added 2008/01/13 12:0 a.m.43 views

SOL8178 - MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303

Information about these advisories is available at the following locations: An authenticated user who can issue SQL commands could crash the database server. A malicious user with filesystem access could cause data loss on the filesystem. VIEW definition updates do not occur correctly, allowing a...

7.1CVSS9.3AI score0.1426EPSS
Exploits4
F5 Networks
F5 Networks
added 2007/11/18 12:0 a.m.43 views

SOL8108 - OpenSSL vulnerability CVE-2007-3108

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

1.2CVSS6.8AI score0.00409EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/06/09 1:51 a.m.42 views

K000161639: Apache HTTP Server mod_http2 (HTTP/2 Bomb) vulnerability CVE-2026-49975

Security Advisory Description Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. CVE-2026-49975 Impact For products with None in the...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
F5 Networks
F5 Networks
added 2024/09/06 12:0 a.m.42 views

K000140961: libarchive vulnerability CVE-2021-23177

Security Advisory Description An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A...

7.8CVSS8.1AI score0.00367EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2024/09/03 4:40 p.m.42 views

K000140908: MySQL Server vulnerability CVE-2024-21134

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

4.3CVSS4.7AI score0.00777EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/08/19 12:28 a.m.42 views

K000140735: Oracle MySQL vulnerabilities CVE-2024-21160, CVE-2024-21162, and CVE-2024-21173

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.2AI score0.0085EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/07/22 9:16 a.m.42 views

K000140399: MySQL vulnerabilities CVE-2024-21130, CVE-2024-21142, CVE-2024-21166, and CVE-2024-21185

Security Advisory Description CVE-2024-21130 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

5.9CVSS5.3AI score0.00863EPSS
Exploits0
Total number of security vulnerabilities5000