Lucene search
K

6396 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•38 views

K54431371: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5546

Security Advisory Description The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. CVE-2018-5546 Impact A...

7.8CVSS7.4AI score0.00453EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:0 p.m.•38 views

K44453423: IP-in-IP Packet Processing vulnerability CVE-2020-10136

Security Advisory Description Multiple products that implement the IP Encapsulation within IP standard RFC 2003, STD 1 decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface an...

5.3CVSS5.7AI score0.28537EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•38 views

K52180214: MCPD vulnerability CVE-2016-7474

Security Advisory Description In some cases, the MCPD binary cache may allow a user with Advanced Shell access to temporarily obtain normally unrecoverable information. CVE-2016-7474 Impact A local user may have access to sensitive data such as passwords for recently created local user accounts a...

5.5CVSS5.6AI score0.00361EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•38 views

K51197241: ICU vulnerability CVE-2020-10531

Security Advisory Description An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. CVE-2020-10531 Impact There is no impact; F5...

8.8CVSS8AI score0.02669EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:59 p.m.•38 views

K16356: BIND vulnerability CVE-2015-1349

Security Advisory Description named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit, or daemon crash by triggering a...

5.4CVSS7.8AI score0.22168EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•38 views

K25434422: NGINX Controller vulnerability CVE-2020-5899

Security Advisory Description Recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of...

7.8CVSS7.8AI score0.00185EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•38 views

K73835689: Samba vulnerability CVE-2017-12150

Security Advisory Description It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

7.4CVSS6.6AI score0.13334EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•38 views

K37428370: Intel Xeon access control vulnerability CVE-2019-0126

Security Advisory Description Insufficient access control in silicon reference firmware for IntelR XeonR Scalable Processor, IntelR XeonR Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. CVE-2019-0126 Impact Th...

7.2CVSS6.7AI score0.00401EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K00183056: Samba vulnerability CVE-2017-12163

Security Advisory Description An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer,...

7.1CVSS6.1AI score0.0759EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K57201259: Intel SGX vulnerabilities CVE-2019-14565, CVE-2019-14566

Security Advisory Description CVE-2019-14565 Insufficient initialization in IntelR SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via...

7.8CVSS7.4AI score0.00355EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K51539421: BIG-IP SIP ALG profile vulnerability CVE-2022-26370

Security Advisory Description When a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-26370 Impact...

7.5CVSS7.5AI score0.00764EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K51758043: MySQL vulnerability CVE-2016-0639

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. CVE-2016-0639 Impact There is no impact; F5 products ar...

10CVSS7.8AI score0.10144EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K29215970: Linux kernel vulnerability CVE-2019-10125

Security Advisory Description An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately e.g., by the close of a pair of pipes after the return of vfspoll, and this will cause a...

10CVSS6.3AI score0.05258EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•38 views

K88628547: glibc vulnerability CVE-2019-6488

Security Advisory Description The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as...

7.8CVSS7.9AI score0.00436EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•38 views

K62477129: MySQL vulnerability CVE-2016-5584

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 Impact There is no impact; F5 products a...

4.4CVSS6.5AI score0.01493EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•38 views

K00498403: Libgcrypt vulnerability CVE-2021-3345

Security Advisory Description gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVE-2021-3345 Impact There is no impact; F5 products are not...

7.8CVSS7.9AI score0.01064EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•38 views

K34369533: Node.js vulnerability CVE-2018-7161

Security Advisory Description All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner th...

7.8CVSS7.6AI score0.07855EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•38 views

K17528: NTP vulnerability CVE-2015-7850

Security Advisory Description ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file. CVE-2015-7850 Impact Under certain specific conditions, an attacker can send a se...

6.5CVSS6.2AI score0.04973EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:51 p.m.•38 views

K81002094: PHP vulnerability CVE-2015-4148

Security Advisory Description The dosoapcall function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an...

5CVSS7.2AI score0.19961EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•38 views

K04246541: MySQL vulnerabilities CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, and CVE-2019-2695

Security Advisory Description CVE-2019-2689 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.5CVSS5.4AI score0.02099EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•38 views

K22415133: cURL vulnerability CVE-2021-22898

Security Advisory Description curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcur...

3.1CVSS6.5AI score0.04385EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K84884003: rsyslog vulnerability CVE-2019-17040

Security Advisory Description contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. CVE-2019-17040 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

9.8CVSS8.5AI score0.02415EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K37121474: Binutils vulnerability CVE-2019-9073

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in bfdelfslurpversiontables in elf.c. CVE-2019-9073 Impact There is no impact; F5 products are not affect...

5.5CVSS7.1AI score0.01097EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K38742515: NTP vulnerability CVE-2018-7182

Security Advisory Description The ctlgetitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. CVE-2018-7182 Impact There is no impact; F5 products a...

7.5CVSS6.8AI score0.2932EPSS
Exploits5
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K10224912: PostgreSQL vulnerability CVE-2019-10208

Security Advisory Description A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE...

8.8CVSS7.9AI score0.0217EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K61186963: cURL vulnerability CVE-2020-8285

Security Advisory Description curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. CVE-2020-8285 Impact A malicious FTP server can trigger a stack overflow and cause a denial-of-service DoS on the F5 product that ...

7.5CVSS6.8AI score0.09917EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•38 views

K71080411: Linux kernel vulnerability CVE-2021-4155

Security Advisory Description A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. CVE-2021-4155 Impact Ther...

5.5CVSS6.6AI score0.00286EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•38 views

K02652550: OpenSSL vulnerability CVE-2016-2180

Security Advisory Description The TSOBJprintbio function in crypto/ts/tslib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol TSP implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted...

7.5CVSS8.3AI score0.28533EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•38 views

K94563344: HTTP/2 ALPN vulnerability CVE-2019-6619

Security Advisory Description The Traffic Management Microkernel TMM may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation ALPN enabled and it processes traffic where the ALPN extension size is zero. CVE-2019-6619 Impact BIG-IP The Traffic Management...

7.5CVSS7.4AI score0.01766EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•38 views

K84891934: Oracle Access Manager vulnerability CVE-2018-2739 and CVE-2018-2587

Security Advisory Description CVE-2018-2739 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware subcomponent: Web Server Plugin. Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated...

9.3CVSS7.7AI score0.02332EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•38 views

K14342624: MySQL vulnerability CVE-2016-5633

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. CVE-2016-5633 Impact There is no impact; F5 products are...

4.9CVSS4.5AI score0.02471EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•38 views

K46121888: ssldump vulnerability CVE-2018-5519

Security Advisory Description Administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access for example, any user when licensed for Appliance Mode, this allows more permissive file access than...

5.5CVSS5.3AI score0.01039EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•38 views

K25499204: Samba vulnerability CVE-2015-8467

Security Advisory Description The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote...

7.3AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:45 p.m.•38 views

K32450233: Linux kernel vulnerability CVE-2018-20854

Security Advisory Description An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl-phys out-of-bounds read. CVE-2018-20854 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

7.8CVSS7.6AI score0.00391EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K21121741: BIG-IP AFM SQL injection vulnerability CVE-2019-6658

Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. CVE-2019-6658 Impact An attacker may be able to extract table name enumeration and user account names. All other data available through the...

4.3CVSS5.5AI score0.00686EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K16712298: libxml2 vulnerability CVE-2016-1834

Security Advisory Description Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory...

9.3CVSS7.8AI score0.04622EPSS
Exploits1Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K00843201: Grafana vulnerability CVE-2019-15043

Security Advisory Description In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. CVE-2019-15043 Impact An unauthorized user may be able to leverage the Grafana...

7.5CVSS6.5AI score0.63388EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K40378764: F5 tmsh vulnerability CVE-2019-6642

Security Advisory Description Authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell access from within the TMOS Shell tmsh interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp...

9CVSS8.7AI score0.01821EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K05211147: Kernel vulnerabilities CVE-2014-8559, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, and CVE-2015-4700

Security Advisory Description CVE-2014-8559 The dwalk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of renamelock, which allows local users to cause a denial of service deadlock and system hang via a crafted application. CVE-2015-0275 The...

5.5CVSS5.8AI score0.00738EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K77323091: Objective Systems ASN1C Compiler vulnerability CVE-2016-5080

Security Advisory Description Integer overflow in the rtxMemHeapAlloc function in asn1rta.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow, on a system running an application...

10CVSS9.7AI score0.10064EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K12541829: Binutils vulnerability CVE-2019-9072

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setupgroup in elf.c. CVE-2019-9072 Impact There is no impact; F5 products are not affected by this...

5.5CVSS7.2AI score0.01159EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K93543114: BIG-IP APM vulnerability CVE-2022-27181

Security Advisory Description When APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. CVE-2022-27181 Impact System performance can degrade while the system is...

5.3CVSS5.4AI score0.00854EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K12139752: BIG-IP SNMPD vulnerability CVE-2019-6608

Security Advisory Description Under certain conditions, the snmpd process may leak memory on a multi-blade BIG-IP Virtual Clustered Multiprocessing vCMP guest when processing authorized SNMP requests. CVE-2019-6608 Impact Over time, the snmpd process consumes excessive memory, forcing the BIG-IP...

7.1CVSS5.9AI score0.01035EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K45435121: DNS Express vulnerability CVE-2018-5538

Security Advisory Description On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to...

4.3CVSS4.7AI score0.00782EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K47527163: CGNAT/PPTP vulnerability CVE-2019-6611

Security Advisory Description When processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured wit...

7.5CVSS7.5AI score0.01766EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K23731034: PHP & libGD vulnerability CVE-2016-10167

Security Advisory Description The gdImageCreateFromGd2Ctx function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted image file. CVE-2016-10167 Impact There is no impact; F5 products are not affected b...

5.5CVSS6.4AI score0.03736EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K51740320: BIND vulnerability CVE-2019-6468

Security Advisory Description In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion...

7.5CVSS5.5AI score0.02539EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•38 views

K42185012: Java vulnerability CVE-2017-10118

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticat...

7.5CVSS7.2AI score0.02972EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•38 views

K55376430: NTP vulnerabilities CVE-2020-13817

Security Advisory Description The ntpd in the network time protocol NTP before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers to cause a denial-of-service DoS, either daemon exit or system time change, by predicting transmit timestamps for use in spoofed packets. The victim must b...

7.4CVSS6.6AI score0.04071EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•38 views

K15862: Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139

Security Advisory Description CVE-2014-0015 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVE-2014-0138 The default configuration in...

6.4CVSS6.7AI score0.05599EPSS
Exploits1Affected Software18
Total number of security vulnerabilities5000