Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K70191975: Apache Xerces vulnerability CVE-2016-4463

Security Advisory Description Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVE-2016-4463 Impact An attacker requires privileged access to a dynamically generated XML file to exploit one of th...

7.5CVSS6.7AI score0.14138EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K21882212: Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355

Security Advisory Description CVE-2020-8750 Use after free in Kernel Mode Driver for IntelR TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12355 Authentication bypass by capture-replay in RPMB protocol...

7.8CVSS7.1AI score0.004EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K19473400: Linux Kernel vulnerability CVE-2018-9516

Security Advisory Description In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product...

7.8CVSS7AI score0.00415EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K48866433: PHP vulnerability CVE-2019-11046

Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeri...

5.3CVSS7AI score0.04082EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•43 views

K16506: NTP vulnerability CVE-2015-1799

Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...

4.3CVSS6.3AI score0.00902EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K66171422: BIG-IP APM redirect vulnerability CVE-2018-5548

Security Advisory Description An insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. CVE-2018-5548 Impact An...

6.1CVSS6.2AI score0.01445EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K70938105: Expat XML library vulnerability CVE-2016-5300

Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...

7.8CVSS7.2AI score0.06539EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•42 views

K58502649: MySQL vulnerabilities CVE-2018-3123, CVE-2019-2566, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584

Security Advisory Description CVE-2018-3123 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: libmysqld. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated...

5.9CVSS5.5AI score0.0266EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•42 views

K13288506: Wget vulnerability CVE-2017-13090

Security Advisory Description The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

9.3CVSS8.2AI score0.36563EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•42 views

K1648: OpenSSH array overflow - CAN-2002-0083

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.8AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•42 views

K37451543: TMM vulnerability CVE-2021-23007

Security Advisory Description When the Traffic Management Microkernel TMM process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. CVE-2021-23007 Impact TMM incorrectly determines that the fragment memory limit has been reached and drops all fragments it...

5.3CVSS6.2AI score0.0158EPSS
Exploits1Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•42 views

K12985: BIND vulnerability CVE-2011-1910

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS6.9AI score0.24638EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K05328500: MySQL vulnerability CVE-2022-21490

Security Advisory Description Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged...

6.3CVSS6.2AI score0.78666EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•43 views

K62463634: glibc vulnerability CVE-2018-6485

Security Advisory Description An integer overflow in the implementation of the posixmemalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption...

9.8CVSS8.2AI score0.04689EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K96670746: NTP vulnerability CVE-2017-6464

Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service ntpd crash via a malformed mode configuration directive. CVE-2017-6464 Impact A remote, authenticated attacker may abuse this vulnerability using a crafted message to cau...

6.5CVSS7AI score0.05103EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K42051445: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23030

Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23030 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...

7.5CVSS7.5AI score0.00961EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K11601010: Intel Processor vulnerability CVE-2021-33149

Security Advisory Description Observable behavioral discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-33149 Impact This vulnerability may allow an authorized user to potentially enable information disclosure...

5.5CVSS5.2AI score0.00242EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K30403302: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896

Security Advisory Description CVE-2015-8895 Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service application crash via a crafted length value, which triggers a buffer overflow. CVE-2015-8896 Integer truncation issue in coders/pict...

7.5CVSS8AI score0.04566EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•42 views

K14382: OpenSSH vulnerability CVE-2008-3259

Security Advisory Description OpenSSH before 5.1 sets the SOREUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port by way of a bind to a single IP address, as demonstrated on the HP-UX...

1.2CVSS7.7AI score0.00328EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•42 views

K42526507: BIG-IP TMUI vulnerability CVE-2021-23041

Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2021-23041 Impact An attacker may exploit this...

6.1CVSS5.7AI score0.00581EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•42 views

K42315210: Linux kernel vulnerability CVE-2011-5327

Security Advisory Description In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption. CVE-2011-5327 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

9.8CVSS6AI score0.03676EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•42 views

K33484369: Linux kernel vulnerability CVE-2021-20194

Security Advisory Description There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of...

7.8CVSS7.2AI score0.004EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•42 views

K67472032: BIG-IP network failover vulnerability CVE-2020-5860

Security Advisory Description In a High Availability HA network failover in Device Service Cluster DSC, the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security TLS. CVE-2020-5860 Impact An attacker may be...

8.1CVSS7.8AI score0.00828EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•42 views

K75934136: Linux kernel vulnerability CVE-2020-36313

Security Advisory Description An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c. CVE-2020-36313 Impact Ther...

7.8CVSS6.3AI score0.0032EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•42 views

K57536416: Kernel vulnerability CVE-2019-14835

Security Advisory Description A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid...

7.8CVSS7.5AI score0.00627EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•42 views

K49902412: nghttp vulnerability CVE-2018-1000168

Security Advisory Description nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability,...

7.5CVSS7.6AI score0.10649EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K55335001: Linux kernel vulnerability CVE-2019-15239

Security Advisory Description In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to ...

7.8CVSS7.1AI score0.00589EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K49348053: cURL vulnerability CVE-2017-8818

Security Advisory Description curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. CVE-2017-881...

9.8CVSS9.6AI score0.03995EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K43650115: Linux kernel vulnerability CVE-2016-0723

Security Advisory Description Race condition in the ttyioctl function in drivers/tty/ttyio.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service use-after-free and system crash by making a TIOCGETD ioctl call during...

6.8CVSS6.9AI score0.00382EPSS
Exploits0Affected Software25
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K75004031: Python vulnerability CVE-2016-1000110

Security Advisory Description The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVE-2016-1000110 Impact There is no impact; F5 products are not affected by this...

6.1CVSS7.4AI score0.04689EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K15244523: 389-ds-base vulnerability CVE-2021-4091

Security Advisory Description A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091 Impact There is no impact; F5 products ar...

7.5CVSS6.5AI score0.02014EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K12487579: Apache vulnerabilities CVE-2018-1282, CVE-2018-1284, CVE-2018-1295, CVE-2018-1308, and CVE-2018-1315

Security Advisory Description CVE-2018-1282 This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. CVE-2018-1284 In Apache Hive 0.6.0 to 2.3.2,...

9.8CVSS6.6AI score0.20937EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K42059040: Binutils vulnerability CVE-2019-9075

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c. CVE-2019-9075 Impact Successful exploitation of this vulnerability could...

7.8CVSS7.8AI score0.01697EPSS
Exploits1Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K52514501: MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617

Security Advisory Description CVE-2019-2596 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS5.2AI score0.0281EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K41102235: Tomcat vulnerability CVE-2021-43980

Security Advisory Description The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to...

3.7CVSS7.1AI score0.01912EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•43 views

K04884013: NGINX Controller vulnerability CVE-2021-23019

Security Advisory Description The NGINX Controller Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. CVE-2021-23019 Impact The Administrator password is exposed in the NGINX support package. This password leak occurs only when you enabled...

7.8CVSS7.6AI score0.00239EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K73078449: Moveable Type vulnerability CVE-2021-20837

Security Advisory Description Movable Type 7 r.5002 and earlier Movable Type 7 Series, Movable Type 6.8.2 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.5002 and earlier Movable Type Advanced 7 Series, Movable Type Advanced 6.8.2 and earlier Movable Type Advanced 6 Series, Movable...

9.8CVSS9.5AI score0.88144EPSS
Exploits11
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•42 views

K28280935: Linux kernel vulnerability CVE-2018-18386

Security Advisory Description drivers/tty/ntty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. CVE-2018-18386 Impact There is no...

3.3CVSS5.7AI score0.00413EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•42 views

K95065016: glibc vulnerability CVE-2018-11236

Security Advisory Description stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and,...

9.8CVSS9.2AI score0.074EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•42 views

K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835

Security Advisory Description Directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files...

4.9CVSS5.2AI score0.01775EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•42 views

K41815723: Java SE vulnerability CVE-2017-10078

Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java S...

8.1CVSS7.5AI score0.02402EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•42 views

K54212139: Kernel vulnerability CVE-2017-0861

Security Advisory Description Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVE-2017-0861 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...

7.8CVSS7.1AI score0.00427EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•42 views

K16117: Multiple libvirt vulnerabilities

Security Advisory Description CVE-2013-4292 libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service memory consumption via a large number of domain migrate parameters in certain RPC calls in 1 daemon/remote.c and 2 remote/remotedriver.c. CVE-2013-4399 The remoteClientFreeFunc...

7.2CVSS8AI score0.02791EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•42 views

K3631: Stack-based buffer overflow in Apache - CAN-2004-0488

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS7.8AI score0.37681EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:18 p.m.•42 views

K75253136: GnuPG vulnerability CVE-2013-4242

Security Advisory Description GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVE-2013-4242 Impact A local user may obtain...

1.9CVSS5.1AI score0.00533EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 6:17 p.m.•42 views

K12794: GNU C Library vulnerability CVE-2010-4052

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

5CVSS8.6AI score0.51298EPSS
Exploits12
F5 Networks
F5 Networks
•added 2023/02/21 6:17 p.m.•42 views

K12793: GNU C Library vulnerability CVE-2010-4051

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS6AI score0.39995EPSS
Exploits12
F5 Networks
F5 Networks
•added 2023/02/21 6:17 p.m.•42 views

K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

10CVSS6.5AI score0.30576EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:15 p.m.•42 views

K34352169: Apache Struts vulnerability CVE-2012-0393

Security Advisory Description The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. CVE-2012-0393...

6.4CVSS9AI score0.38261EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:14 p.m.•42 views

K22454130: Linux kernel vulnerability CVE-2020-29534

Security Advisory Description An issue was discovered in the Linux kernel before 5.9.3. iouring takes a non-refcounted reference to the filesstruct of the process that submitted a request, causing execve to incorrectly optimize unsharefd, aka CID-0f2122045b94. CVE-2020-29534 Impact There is no...

7.8CVSS5.8AI score0.00454EPSS
Exploits1
Total number of security vulnerabilities5000