Lucene search
K

6402 matches found

F5 Networks
F5 Networks
•added 2024/07/02 6:2 a.m.•40 views

K000140225: Codemirror vulnerability CVE-2020-7760

Security Advisory Description This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in...

7.5CVSS6.4AI score0.05197EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/06/05 4:13 p.m.•40 views

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading ...

7.5CVSS6.7AI score0.22791EPSS
Exploits2
F5 Networks
F5 Networks
•added 2024/05/14 2:20 p.m.•40 views

K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062

Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces...

4.9CVSS4.6AI score0.00891EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/10 1:38 p.m.•40 views

K000139580: MySQL Server vulnerability CVE-2024-20998

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS5.1AI score0.0097EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/08 12:52 p.m.•40 views

K000138728: BIG-IP IPsec vulnerability CVE-2024-33608

Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-33608 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to...

7.5CVSS6.9AI score0.00593EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2024/04/09 3:36 p.m.•40 views

K000139236: Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309

Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. CVE-2024-31309 Impact There is no impact; F5 products are not affected by this...

7.5CVSS8AI score0.94615EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/03/21 5:44 p.m.•40 views

K000138977: ncurses vulnerability CVE-2022-29458

Security Advisory Description ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library. CVE-2022-29458 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...

7.1CVSS6.5AI score0.01341EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/02/14 6:3 p.m.•40 views

K000138618: BIND vulnerability CVE-2023-5680

Security Advisory Description If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1...

5.3CVSS5.5AI score0.00624EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/02/14 1:47 p.m.•40 views

K000135946: BIG-IP PEM vulnerability CVE-2024-23982

Security Advisory Description When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/12/01 11:43 p.m.•40 views

K000137761: Apache ActiveMQ vulnerability CVE-2023-46604

Security Advisory Description The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in...

10CVSS8.3AI score0.99654EPSS
Exploits31
F5 Networks
F5 Networks
•added 2023/10/10 10:37 a.m.•40 views

K000133467: BIG-IP HTTP/2 vulnerability CVE-2023-40534

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server and an iRule using the HTTPREQUEST event or Local Traffic Policy are associated with t...

7.5CVSS7.8AI score0.00538EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/10/09 4:59 p.m.•40 views

K000137188: AMD CPU vulnerability CVE-2021-26401

Security Advisory Description LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. CVE-2021-26401 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supporte...

5.6CVSS7.1AI score0.00288EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/09/04 5:30 a.m.•40 views

K000136079: Redis vulnerability CVE-2022-0543

Security Advisory Description It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. CVE-2022-0543 Impact There is no impact; F5 products are not affected by this...

10CVSS9.3AI score0.9967EPSS
Exploits10
F5 Networks
F5 Networks
•added 2023/05/24 9:20 p.m.•40 views

K000134768: Linux kernel vulnerability CVE-2022-4378

Security Advisory Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-4378 Impact A locally...

7.8CVSS7.1AI score0.00431EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/04/24 4:28 p.m.•40 views

K000133644: Linux kernel vulnerability CVE-2023-0266

Security Advisory Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend...

7.9CVSS7.4AI score0.03702EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/27 3:9 a.m.•40 views

K000132764: SSL Certificates in Mozilla vulnerability CVE-2022-23491

Security Advisory Description Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being...

7.5CVSS6.3AI score0.00535EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•40 views

K22843911: F5 Path MTU Discovery vulnerability CVE-2015-7759

Security Advisory Description BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service Traffic Management Microkernel TM...

4.3CVSS4.9AI score0.01516EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•40 views

K14051233: Linux kernel vulnerability CVE-2017-13715

Security Advisory Description The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a...

10CVSS7.5AI score0.09652EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•40 views

K11772107: BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084

Security Advisory Description There is an issue with regenerating certificates and keys when deploying BIG-IP and BIG-IQ cloud images in Amazon Web Services AWS, Azure or Verizon cloud services environments. CVE-2016-2084 Note : CVE-2016-2084 impacts only BIG-IP or BIG-IQ AWS, Azure, or Verizon...

7.4CVSS7.6AI score0.00791EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•40 views

K01276005: OpenSSL vulnerability CVE-2016-2182

Security Advisory Description The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknow...

9.8CVSS8.5AI score0.44218EPSS
Exploits1Affected Software26
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•40 views

K78530002: Java vulnerability CVE-2013-5803

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via...

2.6CVSS7.2AI score0.03864EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2023/02/21 8:1 p.m.•40 views

K15359: OpenSSL vulnerability CVE-2009-1378

Security Advisory Description Multiple memory leaks in the dtls1processoutofseqmessage function in ssl/d1both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service memory consumption via DTLS records that 1 are duplicates or 2 have sequence numbers muc...

5CVSS7.8AI score0.12746EPSS
Exploits12
F5 Networks
F5 Networks
•added 2023/02/21 8:1 p.m.•40 views

K14930: PHP vulnerability CVE-2011-4718

Security Advisory Description Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-2011-4718 Impact None Security Advisory Status To determine if your release is known to be vulnerable, the...

6.8CVSS8.4AI score0.036EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•40 views

K21344224: Lazy FP state restore vulnerability CVE-2018-3665

Security Advisory Description System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. CVE-2018-3665 A Floating-Point FP state...

5.6CVSS7.5AI score0.00611EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•40 views

K20541896: iControl REST and tmsh vulnerability CVE-2019-6621

Security Advisory Description On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin...

7.2CVSS7.4AI score0.01965EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•40 views

K15261: Apache Struts vulnerability CVE-2014-0112

Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...

7.5CVSS8.2AI score0.98094EPSS
Exploits6
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•40 views

K23391972: cURL and libcurl vulnerability CVE-2016-8622

Security Advisory Description The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable...

9.8CVSS8.2AI score0.0467EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•40 views

K46123931: cURL and libcurl vulnerability CVE-2016-8619

Security Advisory Description The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free. CVE-2016-8619 Impact An attacker may use this vulnerability to exploit the usage of the cURL command with Kerberos authentication on custom BIG-IP monitors and/or t...

9.8CVSS7.9AI score0.04989EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•40 views

K23134279: Node.js vulnerability CVE-2016-2216

Security Advisory Description The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters...

7.5CVSS8.6AI score0.07013EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:53 p.m.•40 views

K15956: Linux kernel vulnerability CVE-2014-2568

Security Advisory Description Use-after-free vulnerability in the nfqnlzcopy function in net/netfilter/nfnetlinkqueuecore.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the...

2.9CVSS6.2AI score0.01015EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:51 p.m.•40 views

K86612211: Apache vulnerability CVE-2018-17189

Security Advisory Description In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS6.2AI score0.19404EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:49 p.m.•40 views

K20145801: Mozilla NSS vulnerability CVE-2016-1979

Security Advisory Description Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified othe...

8.8CVSS9.6AI score0.02171EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:47 p.m.•40 views

K17381: OpenJDK vulnerability CVE-2014-0428

Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2014-0428 Impact There is no impact; F5 products...

10CVSS5.5AI score0.06051EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:47 p.m.•40 views

K16505: NTP vulnerability CVE-2015-1798

Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

1.8CVSS6.3AI score0.02219EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:45 p.m.•40 views

K30409575: ISC DHCP vulnerability CVE-2016-2774

Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...

7.1CVSS6.7AI score0.73622EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•40 views

K16912: BIND vulnerability CVE-2015-4620

Security Advisory Description name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing...

7.8CVSS7.8AI score0.37872EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:33 p.m.•40 views

K15922322: MySQL vulnerability CVE-2016-8288

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. CVE-2016-8288 Impact There is no impact; F5 products are not affected by this...

4.9CVSS5.1AI score0.01619EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•40 views

K15785: Kerberos vulnerability CVE-2013-6800

Security Advisory Description An unspecified third-party database module for the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.10.x allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash via a crafted request, a different vulnerability...

4CVSS6.8AI score0.02608EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•40 views

K17453: Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Security Advisory Description CVE-2015-0248 The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revisi...

5CVSS7.3AI score0.12841EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•40 views

K15885: GNU C Library vulnerability CVE-2011-1071

Security Advisory Description The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension...

5.1CVSS5.8AI score0.14323EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•40 views

K1907: mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.4AI score0.29878EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•40 views

K12915342: Linux kernel vulnerability CVE-2018-14625

Security Advisory Description A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte informatio...

7CVSS6.2AI score0.00333EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•40 views

K15358: OpenSSL vulnerability CVE-2009-0590

Security Advisory Description The ASN1STRINGprintex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service invalid memory access and application crash via vectors that trigger printing of a 1 BMPString or 2 UniversalString with an invalid encoded length...

5CVSS8.4AI score0.06194EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•40 views

K14410: Multiple MySQL vulnerabilities

Security Advisory Description For BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service DoS: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101...

5.5CVSS5.3AI score0.03309EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:3 p.m.•40 views

K15345: GnuTLS vulnerability CVE-2014-3466

Security Advisory Description Buffer overflow in the readserverhello function in lib/gnutlshandshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service memory corruption or possibly execute arbitrary code via a long session id...

6.8CVSS9.3AI score0.11221EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:1 p.m.•40 views

K16821: Apache Axis vulnerability CVE-2014-3596

Security Advisory Description The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...

5.8CVSS7.3AI score0.05806EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•40 views

K09417637: Samba vulnerability CVE-2015-3223

Security Advisory Description The ldbwildcardcompare function in ldbmatch.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service infini...

5.3CVSS6.5AI score0.06884EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•40 views

K27638900: Apache Struts vulnerability CVE-2017-15707

Security Advisory Description In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. CVE-2017-15707 Impact There is no impact; F5 products are not affecte...

6.2CVSS6.6AI score0.04889EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•40 views

K01311152: Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021-28950

Security Advisory Description CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability w...

5.5CVSS6.3AI score0.00378EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•40 views

K21057235: libpng out-of-bounds read vulnerability CVE-2015-7981

Security Advisory Description The pngconverttorfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds...

5CVSS7.8AI score0.06359EPSS
Exploits1Affected Software21
Total number of security vulnerabilities5000