Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•43 views

K15547: MIT Kerberos 5 vulnerability CVE-2014-4342

Security Advisory Description MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4342 Impact A...

5CVSS8.5AI score0.06523EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2023/02/21 6:27 p.m.•43 views

K73459626: Linux kernel vulnerability CVE-2021-3506

Security Advisory Description An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of...

7.1CVSS6.1AI score0.00366EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•43 views

K16302: OpenSSL vulnerability CVE-2015-0292

Security Advisory Description Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly...

7.5CVSS7.5AI score0.44503EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 6:19 p.m.•43 views

K16704: cURL and libcurl vulnerability CVE-2015-3143

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 Impact Remote attackers may be able to reuse NTLM...

5CVSS6.7AI score0.16222EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:11 p.m.•43 views

K16714: PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331

Security Advisory Description CVE-2015-2301 Use-after-free vulnerability in the pharrenamearchive function in pharobject.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempt...

7.5CVSS9.1AI score0.27692EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•43 views

K12851: BIND vulnerability CVE-2010-3613

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

4CVSS7.3AI score0.091EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•43 views

K84602160: Linux kernel vulnerability CVE-2021-3491

Security Advisory Description The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memrw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code...

8.8CVSS6.8AI score0.00629EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:3 p.m.•43 views

K40524634: OpenSSL vulnerability CVE-2016-0797

Security Advisory Description Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service heap memory corruption or NULL pointer dereference or possibly have unspecified other impact via a long digit string that is mishandl...

7.5CVSS8.5AI score0.27022EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 5:38 p.m.•43 views

K14340611: Java vulnerability CVE-2013-5782

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality,...

10CVSS7.3AI score0.06295EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2023/02/21 5:28 p.m.•43 views

K13405416: QEMU vulnerability CVE-2012-3515

Security Advisory Description Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space...

7.2CVSS8.4AI score0.00528EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/01/26 9:45 p.m.•43 views

K000132267: BIND vulnerability CVE-2022-3736

Security Advisory Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10,...

7.5CVSS7.6AI score0.5017EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/01/04 12:54 a.m.•43 views

K34035645: Multiple Wireshark vulnerabilities

Security Advisory Description CVE-2018-7320 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVE-2018-7321 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,...

7.5CVSS7.2AI score0.02743EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/01/03 8:53 p.m.•43 views

K74114570: BIG-IP APM webtop vulnerability CVE-2018-15334

A cross-site request forgery CSRF vulnerability in the APM webtop, may allow attacker to force an APM webtop session to log out and require re-authentication. CVE-2018-15334 Impact A remote attacker may be able to force a BIG-IP APM webtop session to log out and require reauthentication. Security...

4.3CVSS4.9AI score0.00734EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2022/12/31 2:52 a.m.•43 views

K48351130: Linux kernel vulnerability CVE-2019-16714

Security Advisory Description In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. CVE-2019-16714 Impact This vulnerability may allow attackers to obtain...

7.5CVSS7.5AI score0.02701EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2016/09/20 12:0 a.m.•43 views

SOL10280318 - Zend Framework vulnerability CVE-2016-6233

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.4AI score0.02047EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/08/05 12:0 a.m.•43 views

SOL06493172 - glibc vulnerability CVE-2016-3706

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.4AI score0.05926EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/06/01 12:0 a.m.•43 views

SOL33285044 - Oracle Java SE vulnerability CVE-2016-0695

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.5AI score0.03397EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/05/17 12:0 a.m.•43 views

SOL53313971 - Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.9AI score0.10232EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/05/10 12:0 a.m.•43 views

SOL47133310 - Samba vulnerability CVE-2016-2112

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS1.1AI score0.09345EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/04/26 12:0 a.m.•43 views

SOL23822215 - glibc calloc vulnerability CVE-2015-5229

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.2AI score0.02238EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2016/02/29 12:0 a.m.•43 views

SOL93445609 - phpMyAdmin vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.6AI score0.02688EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/12/03 12:0 a.m.•43 views

SOL90230486 - Linux kernel vulnerability CVE-2015-7613

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.9CVSS1.1AI score0.00412EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2015/11/30 12:0 a.m.•43 views

SOL66871452 - PowerDNS vulnerability CVE-2015-5311

PowerDNS aka pdns Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service assertion failure and server crash via crafted query packets. CVE-2015-5311...

5CVSS5.9AI score0.67456EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/10/16 12:0 a.m.•43 views

SOL17453 - Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5CVSS2.7AI score0.12841EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/07/02 12:0 a.m.•43 views

SOL16878 - PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

4.6CVSS0.7AI score0.00696EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2015/07/02 12:0 a.m.•43 views

SOL16875 - file vulnerability CVE-2012-1571

file before 5.11 and libmagic allow remote attackers to cause a denial of service crash via a crafted Composite Document File CDF file that triggers 1 an out-of-bounds read or 2 an invalid pointer dereference. CVE-2012-1571...

4.3CVSS7.1AI score0.04117EPSS
Exploits1References3
F5 Networks
F5 Networks
•added 2015/05/11 12:0 a.m.•43 views

SOL16596 - Privilege escalation vulnerability CVE-2014-3215

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.9CVSS1.3AI score0.00357EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/04/01 12:0 a.m.•43 views

SOL16342 - GNU C Library (glibc) vulnerability CVE-2012-6656

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5CVSS1.8AI score0.03439EPSS
Exploits1References2
F5 Networks
F5 Networks
•added 2015/01/26 12:0 a.m.•43 views

SOL16025 - Linux kernel SCTP vulnerability CVE-2014-3688

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5CVSS1.3AI score0.0585EPSS
Exploits1References6
F5 Networks
F5 Networks
•added 2014/09/05 12:0 a.m.•43 views

SOL15567 - OpenSSL vulnerability CVE-2014-5139

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

4.3CVSS1.8AI score0.19997EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/09/04 12:0 a.m.•43 views

SOL15553 - Kerberos vulnerability CVE-2014-4343

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

7.6CVSS1.4AI score0.06419EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/08/13 12:0 a.m.•43 views

SOL15461 - OpenSSL vulnerability CVE-2011-4619

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Note: SGC...

5CVSS1.3AI score0.16645EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2014/07/17 12:0 a.m.•43 views

SOL15427 - OpenSSL vulnerability CVE-2011-4354

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

5.8CVSS3.8AI score0.04044EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2014/06/19 12:0 a.m.•43 views

SOL15345 - GnuTLS vulnerability CVE-2014-3466

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.8CVSS2.8AI score0.11221EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2013/01/21 12:0 a.m.•43 views

SOL14138 - XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column. Acknowledgements F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the...

4CVSS2.9AI score0.06443EPSS
Exploits2References7
F5 Networks
F5 Networks
•added 2008/02/06 12:0 a.m.•43 views

SOL8406 - The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539

The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report function. The vulnerability is within the BIG-IP ASM portion of the Configuration utility and can be accessed successfully only if the browser user is authenticated and the BIG-IP ASM...

4.3CVSS0.1AI score0.07213EPSS
Exploits1
F5 Networks
F5 Networks
•added 2008/01/13 12:0 a.m.•43 views

SOL8178 - MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303

Information about these advisories is available at the following locations: An authenticated user who can issue SQL commands could crash the database server. A malicious user with filesystem access could cause data loss on the filesystem. VIEW definition updates do not occur correctly, allowing a...

7.1CVSS9.3AI score0.1426EPSS
Exploits4
F5 Networks
F5 Networks
•added 2007/11/18 12:0 a.m.•43 views

SOL8108 - OpenSSL vulnerability CVE-2007-3108

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

1.2CVSS6.8AI score0.00409EPSS
Exploits1
F5 Networks
F5 Networks
•added 2007/06/18 12:0 a.m.•43 views

SOL7544 - Full-width and half-width Unicode encoded data bypasses IDS/IPS security controls, VU #739224

Unicode is a system for encoding characters of a character set, which is used in networked applications. IDS/IPS or other security devices may fail to decode and recognize the characters that represent an attack if encoded in Unicode, and pass the characters to a target device. If the target devi...

2.1AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2026/06/09 1:51 a.m.•42 views

K000161639: Apache HTTP Server mod_http2 (HTTP/2 Bomb) vulnerability CVE-2026-49975

Security Advisory Description Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. CVE-2026-49975 Impact For products with None in the...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
F5 Networks
F5 Networks
•added 2026/06/04 3:51 p.m.•42 views

K000161578: Linux kernel vulnerability CVE-2025-38085

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table...

4.7CVSS6.1AI score0.00111EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2024/09/06 12:0 a.m.•42 views

K000140961: libarchive vulnerability CVE-2021-23177

Security Advisory Description An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A...

7.8CVSS8.1AI score0.00367EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2024/09/03 4:40 p.m.•42 views

K000140908: MySQL Server vulnerability CVE-2024-21134

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

4.3CVSS4.7AI score0.00777EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/08/19 12:28 a.m.•42 views

K000140735: Oracle MySQL vulnerabilities CVE-2024-21160, CVE-2024-21162, and CVE-2024-21173

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.2AI score0.0085EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/07/22 9:16 a.m.•42 views

K000140399: MySQL vulnerabilities CVE-2024-21130, CVE-2024-21142, CVE-2024-21166, and CVE-2024-21185

Security Advisory Description CVE-2024-21130 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

5.9CVSS5.3AI score0.00863EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/31 5:23 p.m.•42 views

K000139859: Envoy vulnerability CVE-2024-30255

Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send a...

7.5CVSS6.8AI score0.8781EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/05/16 3:14 a.m.•42 views

K000139637: Expat vulnerability CVE-2024-28757

Security Advisory Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate. CVE-2024-28757 Impact An attacker may be able to use an XML Entity Expansion attack, consuming all system resources...

7.5CVSS7.2AI score0.02006EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
•added 2024/05/08 12:45 p.m.•42 views

K000139037: TMM vulnerability CVE-2024-25560

Security Advisory Description When a DNS profile is applied to a virtual server, undisclosed DNS traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-25560 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated...

7.5CVSS7.1AI score0.00524EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2024/05/02 11:24 a.m.•42 views

K000139489: PostgreSQL JDBC Driver vulnerability CVE-2024-1597

Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a...

10CVSS8.2AI score0.0481EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/04/01 4:5 p.m.•42 views

K000139140: util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

3.3CVSS6.4AI score0.02242EPSS
Exploits3
Total number of security vulnerabilities5000