Lucene search
+L

6421 matches found

f5
f5
•added 2023/02/21 7:47 p.m.•39 views

K17386: vCMP DoS vulnerability CVE-2015-6546

Security Advisory Description An attacker sourcing malicious traffic from a network adjacent to the BIG-IP system may be able to cause a denial-of-service DoS condition on a vCMP host and the vCMP guests running on it. The vulnerability cannot be exploited outside of the local network segment or ...

6.1CVSS6.3AI score0.00721EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 7:42 p.m.•39 views

K3568: DNS denial of service vulnerability - CAN-2004-0789

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.5AI score0.02765EPSS
Exploits0
f5
f5
•added 2023/02/21 7:40 p.m.•39 views

K73455417: obs-service-extract_file package vulnerability CVE-2016-4007

Security Advisory Description Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...

10CVSS9.6AI score0.02474EPSS
Exploits0
f5
f5
•added 2023/02/21 7:39 p.m.•39 views

K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM...

9.8CVSS9.4AI score0.01925EPSS
Exploits0Affected Software11
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K15903: Multiple PHP vulnerabilities

Security Advisory Description Description CVE-2012-3365 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors. CVE-2012-2329 Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4...

7.5CVSS9.3AI score0.62649EPSS
Exploits21
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K11091514: MySQL vulnerability CVE-2016-5626

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. CVE-2016-5626 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.4AI score0.06045EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K09408132: glibc vulnerability CVE-2011-1659

Security Advisory Description Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a...

5CVSS5AI score0.02856EPSS
Exploits1Affected Software10
f5
f5
•added 2023/02/21 7:29 p.m.•39 views

K12130880: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-15332

Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. CVE-2018-15332 Impact A...

7CVSS6.7AI score0.00319EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 7:29 p.m.•39 views

K15784: Kerberos vulnerability CVE-2013-1418

Security Advisory Description The setupserverrealm function in main.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted...

4.3CVSS6.8AI score0.05508EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:27 p.m.•39 views

K12650: PHP vulnerability CVE-2010-4645

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS9AI score0.15103EPSS
Exploits1
f5
f5
•added 2023/02/21 7:27 p.m.•39 views

K3279: Heap-based buffer overflow in mod_proxy - CAN-2004-0492

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS7.8AI score0.33639EPSS
Exploits0
f5
f5
•added 2023/02/21 7:5 p.m.•39 views

K17248: OpenSSL vulnerability CVE-2010-0742

Security Advisory Description The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or...

7.5CVSS8.3AI score0.07834EPSS
Exploits2Affected Software9
f5
f5
•added 2023/02/21 7:4 p.m.•39 views

K08421805: GStreamer vulnerability CVE-2016-9635

Security Advisory Description Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash by providing a skip count that goes...

9.8CVSS9.3AI score0.09267EPSS
Exploits1
f5
f5
•added 2023/02/21 7:2 p.m.•39 views

K68942513: Java vulnerability CVE-2013-5780

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via...

4.3CVSS6.9AI score0.03433EPSS
Exploits0Affected Software5
f5
f5
•added 2023/02/21 7:0 p.m.•39 views

K37111863: NodeJS vulnerability CVE-2018-12120

Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...

8.1CVSS8AI score0.04277EPSS
Exploits0Affected Software14
f5
f5
•added 2023/02/21 7:0 p.m.•39 views

K47605350: MySQL vulnerability CVE-2016-5631

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. CVE-2016-5631 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

4.9CVSS5.5AI score0.02471EPSS
Exploits0
f5
f5
•added 2023/02/21 7:0 p.m.•39 views

K44453423: IP-in-IP Packet Processing vulnerability CVE-2020-10136

Security Advisory Description Multiple products that implement the IP Encapsulation within IP standard RFC 2003, STD 1 decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface an...

5.3CVSS5.7AI score0.28537EPSS
Exploits0
f5
f5
•added 2023/02/21 7:0 p.m.•39 views

K04327352: Multiple MySQL data manipulation language vulnerabilities

Security Advisory Description CVE-2017-3634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acces...

6.5CVSS6.2AI score0.03198EPSS
Exploits0
f5
f5
•added 2023/02/21 6:59 p.m.•39 views

K51197241: ICU vulnerability CVE-2020-10531

Security Advisory Description An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. CVE-2020-10531 Impact There is no impact; F5...

8.8CVSS8AI score0.02669EPSS
Exploits0
f5
f5
•added 2023/02/21 6:59 p.m.•39 views

K16356: BIND vulnerability CVE-2015-1349

Security Advisory Description named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit, or daemon crash by triggering a...

5.4CVSS7.8AI score0.22168EPSS
Exploits0Affected Software18
f5
f5
•added 2023/02/21 6:58 p.m.•39 views

K15551553: OpenSSL vulnerability CVE-2017-3730

Security Advisory Description In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

7.5CVSS7.5AI score0.55294EPSS
Exploits5
f5
f5
•added 2023/02/21 6:55 p.m.•39 views

K21274200: Linux kernel vulnerability CVE-2017-16914

Security Advisory Description The "stubsendretsubmit" function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service NULL pointer dereference via a specially crafted USB over IP packet. CVE-2017-16914 Impact...

7.1CVSS5.9AI score0.04373EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:55 p.m.•39 views

K71522481: Java vulnerability CVE-2021-2163

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...

5.3CVSS5.5AI score0.03566EPSS
Exploits0
f5
f5
•added 2023/02/21 6:54 p.m.•39 views

K20722197: Samba vulnerability CVE-2017-2619

Security Advisory Description Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. CVE-2017-2619 Impact There is no impact; F5 products are not affected b...

7.5CVSS6.7AI score0.11181EPSS
Exploits3
f5
f5
•added 2023/02/21 6:54 p.m.•39 views

K24301698: TMUI XSS vulnerability CVE-2021-23027

Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23027 Impact An attacker may exploit this...

6.1CVSS6AI score0.00581EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 6:54 p.m.•39 views

K55518036: GO vulnerability CVE-2021-31525

Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...

5.9CVSS7.4AI score0.03692EPSS
Exploits0
f5
f5
•added 2023/02/21 6:53 p.m.•39 views

K72403108: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938

Security Advisory Description CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertypeprint. CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2checkchecksum. CVE-2016-7938 The ZeroMQ parser in tcpdump...

9.8CVSS8.6AI score0.03198EPSS
Exploits0Affected Software21
f5
f5
•added 2023/02/21 6:53 p.m.•39 views

K00498403: Libgcrypt vulnerability CVE-2021-3345

Security Advisory Description gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVE-2021-3345 Impact There is no impact; F5 products are not...

7.8CVSS7.9AI score0.01064EPSS
Exploits0
f5
f5
•added 2023/02/21 6:53 p.m.•39 views

K53931245: BIG-IP SSL profile vulnerability CVE-2018-5524

Security Advisory Description Under certain conditions, virtual servers configured with Client SSL or Server SSL profiles that make use of network hardware security module HSM functionality are exposed and impacted by this issue. CVE-2018-5524 Impact Malformed Transport Layer Security TLS request...

5.3CVSS5.4AI score0.01719EPSS
Exploits0Affected Software11
f5
f5
•added 2023/02/21 6:52 p.m.•39 views

K17528: NTP vulnerability CVE-2015-7850

Security Advisory Description ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file. CVE-2015-7850 Impact Under certain specific conditions, an attacker can send a se...

6.5CVSS6.2AI score0.04973EPSS
Exploits0Affected Software22
f5
f5
•added 2023/02/21 6:52 p.m.•39 views

K20134942: SSL Forward Proxy vulnerability CVE-2018-5527

Security Advisory Description A remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel TMM to leak memory. As a result, system memory usage...

7.8CVSS7.5AI score0.02577EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 6:49 p.m.•39 views

K04246541: MySQL vulnerabilities CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, and CVE-2019-2695

Security Advisory Description CVE-2019-2689 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.5CVSS5.4AI score0.02099EPSS
Exploits0
f5
f5
•added 2023/02/21 6:49 p.m.•39 views

K58235223: BIG-IP APM access policy vulnerability CVE-2022-35245

Security Advisory Description When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-35245 Impact Traffic is disrupted while TMM restarts. This vulnerability allows an attacker to cause a...

7.5CVSS7.3AI score0.00681EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 6:49 p.m.•39 views

K22415133: cURL vulnerability CVE-2021-22898

Security Advisory Description curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcur...

3.1CVSS6.5AI score0.04385EPSS
Exploits1
f5
f5
•added 2023/02/21 6:48 p.m.•39 views

K37121474: Binutils vulnerability CVE-2019-9073

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in bfdelfslurpversiontables in elf.c. CVE-2019-9073 Impact There is no impact; F5 products are not affect...

5.5CVSS7.1AI score0.01097EPSS
Exploits1
f5
f5
•added 2023/02/21 6:48 p.m.•39 views

K61186963: cURL vulnerability CVE-2020-8285

Security Advisory Description curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. CVE-2020-8285 Impact A malicious FTP server can trigger a stack overflow and cause a denial-of-service DoS on the F5 product that ...

7.5CVSS6.8AI score0.09917EPSS
Exploits1Affected Software18
f5
f5
•added 2023/02/21 6:48 p.m.•39 views

K71080411: Linux kernel vulnerability CVE-2021-4155

Security Advisory Description A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. CVE-2021-4155 Impact Ther...

5.5CVSS6.6AI score0.00286EPSS
Exploits0
f5
f5
•added 2023/02/21 6:47 p.m.•39 views

K01587042: BIG-IP SPDY and HTTP/2 profile vulnerability CVE-2016-7475

Security Advisory Description Under some circumstances, the Traffic Management Microkernel TMM may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. CVE-2016-7475 Impact In many cases, the pool members will tear down these network connections...

7.5CVSS7.4AI score0.01321EPSS
Exploits0Affected Software8
f5
f5
•added 2023/02/21 6:47 p.m.•39 views

K94563344: HTTP/2 ALPN vulnerability CVE-2019-6619

Security Advisory Description The Traffic Management Microkernel TMM may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation ALPN enabled and it processes traffic where the ALPN extension size is zero. CVE-2019-6619 Impact BIG-IP The Traffic Management...

7.5CVSS7.4AI score0.01766EPSS
Exploits0
f5
f5
•added 2023/02/21 6:47 p.m.•39 views

K14342624: MySQL vulnerability CVE-2016-5633

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. CVE-2016-5633 Impact There is no impact; F5 products are...

4.9CVSS4.5AI score0.02471EPSS
Exploits0
f5
f5
•added 2023/02/21 6:47 p.m.•39 views

K68785753: ImageMagick vulnerability CVE-2015-8898

Security Advisory Description The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted image file. CVE-2015-8898 Impact BIG-IP systems that use a WebAcceleration profile configured wit...

5.5CVSS7.7AI score0.01991EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K97285349: XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities CVE-2016-7469

Security Advisory Description A stored cross-site scripting XSS vulnerability in the BIG-IP Configuration utility device name change page allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cau...

5.4CVSS5.2AI score0.00947EPSS
Exploits0Affected Software16
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K68609614: Linux kernel vulnerability CVE-2011-0699

Security Advisory Description Integer signedness error in the btrfsioctlspaceinfo function in the Linux kernel 2.6.37 allows local users to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted slot value. CVE-2011-0699 Impact There is no...

7CVSS6.6AI score0.00315EPSS
Exploits0
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K46401178: BIG-IP Configuration utility vulnerability CVE-2019-6599

Security Advisory Description Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may result in an improper handling on the JSON response when it is injected by a malicious script through a remote cross-site scripting XSS attack. CVE-2019-6599 Impact BIG-IP and...

6.1CVSS6.2AI score0.0081EPSS
Exploits0
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K31211252: glibc vulnerability CVE-2014-9761

Security Advisory Description Multiple stack-based buffer overflows in the GNU C Library aka glibc or libc6 before 2.23 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long argument to the 1 nan, 2 nanf, or 3 nanl function...

9.8CVSS8.8AI score0.05506EPSS
Exploits2Affected Software23
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K62602089: Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657

Security Advisory Description CVE-2018-20002 The bfdgenericreadminisymbols function in syms.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service memory consumption, as demonstrated by...

7.5CVSS6.5AI score0.04037EPSS
Exploits2Affected Software1
f5
f5
•added 2023/02/21 6:35 p.m.•39 views

K31573032: Tomcat vulnerability CVE-2020-13943

Security Advisory Description If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made...

4.3CVSS7.2AI score0.57286EPSS
Exploits0
f5
f5
•added 2023/02/21 6:34 p.m.•39 views

K31022653: Spring Framework vulnerability CVE-2018-1257

Security Advisory Description Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...

6.5CVSS6.9AI score0.03279EPSS
Exploits0
f5
f5
•added 2023/02/21 6:34 p.m.•39 views

K56061418: glibc vulnerability CVE-2016-6323

Security Advisory Description The makecontext function in the GNU C Library aka glibc or libc6 before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI 32-bit platforms, which might allow context-dependent attackers to cause a denial of service hang, as demonstrated by...

7.5CVSS7.6AI score0.03841EPSS
Exploits0
f5
f5
•added 2023/02/21 6:34 p.m.•39 views

K16016: Linux kernel SCTP vulnerability CVE-2014-7841

Security Advisory Description The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

5CVSS6.4AI score0.0523EPSS
Exploits1Affected Software20
Total number of security vulnerabilities5000