Lucene search
K

6396 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K40378764: F5 tmsh vulnerability CVE-2019-6642

Security Advisory Description Authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell access from within the TMOS Shell tmsh interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp...

9CVSS8.7AI score0.01821EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•38 views

K05211147: Kernel vulnerabilities CVE-2014-8559, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, and CVE-2015-4700

Security Advisory Description CVE-2014-8559 The dwalk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of renamelock, which allows local users to cause a denial of service deadlock and system hang via a crafted application. CVE-2015-0275 The...

5.5CVSS5.8AI score0.00738EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K77323091: Objective Systems ASN1C Compiler vulnerability CVE-2016-5080

Security Advisory Description Integer overflow in the rtxMemHeapAlloc function in asn1rta.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow, on a system running an application...

10CVSS9.7AI score0.10064EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K12541829: Binutils vulnerability CVE-2019-9072

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setupgroup in elf.c. CVE-2019-9072 Impact There is no impact; F5 products are not affected by this...

5.5CVSS7.2AI score0.01159EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K93543114: BIG-IP APM vulnerability CVE-2022-27181

Security Advisory Description When APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. CVE-2022-27181 Impact System performance can degrade while the system is...

5.3CVSS5.4AI score0.00854EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K12139752: BIG-IP SNMPD vulnerability CVE-2019-6608

Security Advisory Description Under certain conditions, the snmpd process may leak memory on a multi-blade BIG-IP Virtual Clustered Multiprocessing vCMP guest when processing authorized SNMP requests. CVE-2019-6608 Impact Over time, the snmpd process consumes excessive memory, forcing the BIG-IP...

7.1CVSS5.9AI score0.01035EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K45435121: DNS Express vulnerability CVE-2018-5538

Security Advisory Description On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to...

4.3CVSS4.7AI score0.00782EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•38 views

K47527163: CGNAT/PPTP vulnerability CVE-2019-6611

Security Advisory Description When processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured wit...

7.5CVSS7.5AI score0.01766EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K23731034: PHP & libGD vulnerability CVE-2016-10167

Security Advisory Description The gdImageCreateFromGd2Ctx function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted image file. CVE-2016-10167 Impact There is no impact; F5 products are not affected b...

5.5CVSS6.4AI score0.03736EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K51740320: BIND vulnerability CVE-2019-6468

Security Advisory Description In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion...

7.5CVSS5.5AI score0.02539EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•38 views

K42185012: Java vulnerability CVE-2017-10118

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticat...

7.5CVSS7.2AI score0.02972EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•38 views

K55376430: NTP vulnerabilities CVE-2020-13817

Security Advisory Description The ntpd in the network time protocol NTP before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers to cause a denial-of-service DoS, either daemon exit or system time change, by predicting transmit timestamps for use in spoofed packets. The victim must b...

7.4CVSS6.6AI score0.04071EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•38 views

K15862: Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139

Security Advisory Description CVE-2014-0015 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. CVE-2014-0138 The default configuration in...

6.4CVSS6.7AI score0.05599EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•38 views

K14468: Client-side component flaw CVE-2013-0150

Security Advisory Description A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine. Impact Affected components may allow third party code execution on the affected client. There is no impact to the BIG-IP or FirePass hos...

7.2AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:27 p.m.•38 views

K8424: Java Runtime Environment Vulnerability - CVE-2008-0657

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.6AI score0.02839EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:19 p.m.•38 views

K16829: Linux vulnerability CVE-2014-7825

Security Advisory Description kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service out-of-bounds read and OOPS or bypass the ASLR protection mechanis...

7.8CVSS5.2AI score0.00568EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:19 p.m.•38 views

K9592: bzip2 vulnerability CVE-2008-1372

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

4.3CVSS9.1AI score0.04519EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:12 p.m.•38 views

K15250: BIND vulnerability CVE-2014-3214

Security Advisory Description The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a DNS query that triggers a response with unspecified attributes...

5CVSS7.5AI score0.17259EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:9 p.m.•38 views

K15933: NTP vulnerability CVE-2014-9296

Security Advisory Description The receive function in ntpproto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. CVE-2014-9296 Impact None. No F5...

5CVSS6.7AI score0.16161EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•38 views

K05909237: BouncyCastle Java crypto vulnerability CVE-2017-13098

Security Advisory Description BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private...

7.5CVSS6.6AI score0.24282EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:6 p.m.•38 views

K21435974: TMUI XSS vulnerability CVE-2021-23037

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23037 Impact An attacker may exploit this...

9.6CVSS7.9AI score0.00824EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 5:35 p.m.•38 views

K66504414: Foomatic vulnerability CVE-2010-5325

Security Advisory Description Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service memory corruption and crash or possibly execute arbitrary code via a long job title. CVE-2010-5325 Impact There ...

9.8CVSS9.9AI score0.05483EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 5:33 p.m.•38 views

K02360853: NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195

Security Advisory Description CVE-2015-5194 The logconfigcommand function in ntpparser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service ntpd crash via crafted logconfig commands. CVE-2015-5195 ntpopenssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attacke...

7.5CVSS7.6AI score0.07483EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 5:29 p.m.•38 views

K21632201: Linux kernel vulnerability CVE-2011-5321

Security Advisory Description The ttyopen function in drivers/tty/ttyio.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via crafted acce...

5.5CVSS5.9AI score0.0037EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/01/10 9:51 p.m.•38 views

K000130541: Grub2 vulnerability CVE-2022-28734

Security Advisory Description Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte...

8.1CVSS7.7AI score0.01131EPSS
Exploits0
F5 Networks
F5 Networks
•added 2022/12/31 1:23 a.m.•38 views

K64571774: BIG-IP virtual server TCP sequence numbers vulnerability CVE-2020-5947

Security Advisory Description On specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. CVE-2020-5947 Impact Attackers may be able to spoof TCP packet...

4.3CVSS4.8AI score0.00688EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2022/12/16 9:48 p.m.•38 views

K11509465: Apache mod_http2 vulnerability CVE-2018-1302

Security Advisory Description When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usua...

5.9CVSS6.5AI score0.13436EPSS
Exploits0
F5 Networks
F5 Networks
•added 2016/11/15 12:0 a.m.•38 views

SOL37540306 - Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.4AI score0.02386EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/11/08 12:0 a.m.•38 views

SOL21485342 - Configuration utility CSRF vulnerability

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

1AI score
Exploits0References7Affected Software14
F5 Networks
F5 Networks
•added 2016/10/20 12:0 a.m.•38 views

SOL47006155 - libTIFF vulnerability CVE-2016-3990

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.8CVSS2.8AI score0.03886EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/09/06 12:0 a.m.•38 views

SOL52439336 - FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9.8CVSS1.6AI score0.03287EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2016/08/09 12:0 a.m.•38 views

SOL48448204 - PHP vulnerability CVE-2016-6207

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.5CVSS2.5AI score0.06256EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/07/18 12:0 a.m.•38 views

SOL14510263 - IPv6 Neighbor Discovery crafted packet vulnerability CVE-2016-1409

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.9AI score0.03823EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/05/25 12:0 a.m.•38 views

SOL43205719 - NTP input validation vulnerability CVE-2016-1550

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS1.6AI score0.03634EPSS
Exploits1References12
F5 Networks
F5 Networks
•added 2016/03/04 12:0 a.m.•38 views

SOL09052213 - glibc vulnerability CVE-2015-8777

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.5CVSS3.6AI score0.0057EPSS
Exploits1References10
F5 Networks
F5 Networks
•added 2016/02/22 12:0 a.m.•38 views

SOL21230183 - NTP vulnerability CVE-2015-7976

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.3CVSS2.2AI score0.03512EPSS
Exploits0References11
F5 Networks
F5 Networks
•added 2016/02/19 12:0 a.m.•38 views

SOL11785283 - GnuPG vulnerability CVE-2012-6085

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.8CVSS1.8AI score0.02912EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2016/01/20 12:0 a.m.•38 views

SOL49580002 - BIG-IP file validation vulnerability CVE-2015-8021

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.3CVSS1.1AI score0.01352EPSS
Exploits0References9
F5 Networks
F5 Networks
•added 2015/10/16 12:0 a.m.•38 views

SOL17445 - Linux kernel vulnerability CVE-2015-4700

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

4.9CVSS3.4AI score0.00451EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/09/11 12:0 a.m.•38 views

SOL17255 - D-Bus vulnerability CVE-2014-3477

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

4CVSS1.4AI score0.00444EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/09/09 12:0 a.m.•38 views

SOL17181 - BIND vulnerability CVE-2015-5722

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8CVSS2.2AI score0.33652EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2015/09/03 12:0 a.m.•38 views

SOL17218 - Libvirt vulnerability CVE-2014-8135

The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload" command. CVE-2014-8135...

2.1CVSS7.7AI score0.00467EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2015/08/18 12:0 a.m.•38 views

SOL17047 - ICMP packet processing vulnerability CVE-2015-5058

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8CVSS1.7AI score0.01908EPSS
Exploits0References7
F5 Networks
F5 Networks
•added 2015/08/12 12:0 a.m.•38 views

SOL17126 - Apache Struts vulnerability CVE-2014-7809

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.8CVSS0.9AI score0.03486EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/07/08 12:0 a.m.•38 views

SOL16865 - GNU C Library (glibc) vulnerability CVE-2015-1781

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, BIG-IP, BIG-IQ, and Enterprise...

6.8CVSS1AI score0.05012EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/07/02 12:0 a.m.•38 views

SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928

The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...

4.3CVSS3.8AI score0.30406EPSS
Exploits5References3
F5 Networks
F5 Networks
•added 2015/06/29 12:0 a.m.•38 views

SOL16819 - Linux kernel vulnerability CVE-2015-3331

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

9.3CVSS0.9AI score0.10108EPSS
Exploits0References10
F5 Networks
F5 Networks
•added 2015/05/29 12:0 a.m.•38 views

SOL16704 - cURL and libcurl vulnerability CVE-2015-3143

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column...

5CVSS1.4AI score0.16222EPSS
Exploits1References6
F5 Networks
F5 Networks
•added 2015/04/13 12:0 a.m.•38 views

SOL16428 - setroubleshoot vulnerability CVE-2015-1815

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

10CVSS1.1AI score0.16335EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2015/04/09 12:0 a.m.•38 views

SOL16344 - Apache Tomcat vulnerability CVE-2014-0227

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

6.4CVSS1AI score0.21045EPSS
Exploits0References3
Total number of security vulnerabilities5000