Lucene search
K

6396 matches found

F5 Networks
F5 Networks
•added 2024/05/02 11:29 a.m.•37 views

K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250

Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...

9.6CVSS8.6AI score0.01262EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/04/25 5:58 p.m.•37 views

K000139405: MySQL vulnerability CVE-2023-21950

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.1AI score0.00987EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/03/20 4:5 p.m.•37 views

K000138957: Libxml2 vulnerability CVE-2023-39615

Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that...

6.5CVSS7AI score0.00667EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2024/02/14 1:39 p.m.•37 views

K11453402: BIG-IP Cookie encryption security exposure

Security Advisory Description When HTTP Profile Cookie encryption is enabled, duplicate HTTP cookies may be passed on to back-end servers. This issue occurs when the following condition is met: The virtual server has an HTTP Profile with Cookie Encryption enabled. Impact The back-end pool member...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/10/26 6:55 p.m.•37 views

K000137365: BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748

Security Advisory Description An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. CVE-2023-46748 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP...

8.8CVSS10AI score0.04468EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
•added 2023/10/10 10:28 a.m.•37 views

K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537

Security Advisory Description An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. CVE-2023-40537 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an...

8.1CVSS8.2AI score0.00457EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2023/09/27 2:5 p.m.•37 views

K000136907: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43124

Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43124 Impact If a client machine connects to a malicious adjacent network device, such as a router or Wi-Fi hotspot, an attacker may be able to trick the client into sending IP traffic outside...

7.1CVSS6.5AI score0.00154EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/09/26 10:53 p.m.•37 views

K000137002: systemd vulnerability CVE-2020-13529

Security Advisory Description An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets...

6.1CVSS6.4AI score0.01399EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/07/11 4:25 p.m.•37 views

K000135446: Linux kernel vulnerability CVE-2023-3269

Security Advisory Description A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kerne...

7.8CVSS7.6AI score0.01484EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/05/19 4:38 p.m.•37 views

K000134681: Spring Framework vulnerability CVE-2023-20861

Security Advisory Description In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition. CVE-2023-20861 Impac...

6.5CVSS6.9AI score0.0097EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/05/08 6:21 p.m.•37 views

K000134496: Jettison vulnerability CVE-2022-45685

Security Advisory Description A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data. CVE-2022-45685 Impact System performance degradation can occur until the process is forced to restart. This vulnerability allows an attacker to cause a...

7.5CVSS8.2AI score0.01395EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/05/08 3:3 p.m.•37 views

K000133759: Python vulnerability CVE-2020-26116

Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

7.2CVSS7.2AI score0.0642EPSS
Exploits1Affected Software4
F5 Networks
F5 Networks
•added 2023/05/03 1:5 p.m.•37 views

K000133251: Overview of F5 vulnerabilities (May 2023)

Security Advisory Description On May 3, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

8.8CVSS6AI score0.01474EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/04/05 4:36 p.m.•37 views

K000133409: Log4j vulnerability CVE-2023-26464

Security Advisory Description UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging...

7.5CVSS6.9AI score0.01905EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:2 p.m.•37 views

K14118520: MySQL vulnerabilities CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, and CVE-2019-2774

Security Advisory Description CVE-2019-2752 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5CVSS5.5AI score0.03061EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:1 p.m.•37 views

K4809: tcpdump vulnerabilities CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.3AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K59197053: BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651

Security Advisory Description When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-34651 Impact Traffic is disrupt...

7.5CVSS7.5AI score0.00681EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K05123525: ConfigSync vulnerability CVE-2019-6649

Security Advisory Description F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. CVE-2019-6649 Impact The vulnerability is only present when the system is configured for high availability ...

9.1CVSS8.7AI score0.01295EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K17227: BIND vulnerability CVE-2015-5986

Security Advisory Description An incorrect boundary check in openpgpkey61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. CVE-2015-5986 Impact A...

7.1CVSS7.4AI score0.26071EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:59 p.m.•37 views

K41900062: Linux kernel vulnerability CVE-2017-15127

Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...

5.5CVSS5.7AI score0.00379EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•37 views

K47234311: Intel SPS vulnerability CVE-2019-0089

Security Advisory Description Improper data sanitization vulnerability in subsystem in IntelR SPS before versions SPSE504.00.04.381.0, SPSE304.01.04.054.0, SPSSoC-A04.00.04.181.0, and SPSSoC-X04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7AI score0.00382EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•37 views

K20038622: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2013-1976 The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a...

6.9CVSS8.1AI score0.11975EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•37 views

K23489380: Java vulnerability CVE-2017-10135

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...

5.9CVSS6.8AI score0.02598EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K25893729: Apache Dubbo vulnerability CVE-2021-25641

Security Advisory Description Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamb...

9.8CVSS9.4AI score0.17666EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K34527393: LibTIFF vulnerabilities CVE-2016-9533, CVE-2016-9534, and CVE-2016-9535

Security Advisory Description CVE-2016-9533 tifpixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." CVE-2016-9534 tifwrite.c in libtiff 4.0.6 has an issue in the error code...

9.8CVSS8.6AI score0.04767EPSS
Exploits1Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K35155453: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2015-8683 The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image. CVE-2015-8665 tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of...

8.8CVSS8.3AI score0.05669EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K13290208: NSS vulnerability CVE-2020-12403

Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...

9.1CVSS7.8AI score0.01541EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•38 views

K54358814: Apache mod_remoteip vulnerability CVE-2020-11985

Security Advisory Description IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server...

5.3CVSS6.3AI score0.06808EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•37 views

K45644893: Martian address filtering vulnerability CVE-2019-6654

Security Advisory Description The BIG-IP system fails to perform martian address filtering as defined in RFC 1812, section 5.3.7 for control plane tasks on the management interface. This may allow attackers on an adjacent system to force the BIG-IP system into processing packets with spoofed sour...

4.3CVSS4.9AI score0.00476EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•37 views

K41036924: Linux kernel vulnerability CVE-2014-7843

Security Advisory Description The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system crash by reading one byte beyond a /dev/zero page boundary. CVE-2014-7843 Impact There is no impact; F5...

4.9CVSS5.6AI score0.00374EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:53 p.m.•37 views

K15881: Libpng vulnerability CVE-2011-3048

Security Advisory Description The pngsettext2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted text chunk in a PNG image file,...

6.8CVSS9.1AI score0.06593EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:52 p.m.•37 views

K15807: cURL and libcurl vulnerability CVE-2014-1263

Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.50...

4.3CVSS6.3AI score0.02862EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:49 p.m.•37 views

K15546: glibc vulnerability CVE-2014-4043

Security Advisory Description Description posixspawnfileactionsaddopen in glibc prior to version 2.20 fails to copy the path argument. The result of not copying is that programs can easily trigger use-after-free bugs, or other situations where the path is mutated. Impact None. No F5 products are...

7.5CVSS7.1AI score0.03922EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 7:47 p.m.•37 views

K2617: Reverse name resolution vulnerability in SSH - CVE-2003-0386

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

7.5CVSS8AI score0.05766EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:45 p.m.•37 views

K74571223: Apache Struts vulnerability CVE-2016-8738

Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...

5.9CVSS5.7AI score0.03347EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:42 p.m.•37 views

K3568: DNS denial of service vulnerability - CAN-2004-0789

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.5AI score0.02765EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•37 views

K4351: BIND 9.3.0 denial of service vulnerability CAN-2005-0034

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•37 views

K14434: OpenSSH vulnerability CVE-2006-5794

Security Advisory Description Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker authentication verification, which might allow attackers to bypass authentication. As of 2006-11-08, it is believed that this issue is only exploitable by leveragin...

7.5CVSS7AI score0.02681EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•37 views

K8924: Linux kernel vulnerability CVE-2007-3843

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

4.3CVSS6.3AI score0.02624EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•37 views

K17257: D-Bus vulnerability CVE-2014-3639

Security Advisory Description Description The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomple...

2.1CVSS5.2AI score0.00403EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•37 views

K12998: OpenSSL vulnerability CVE-2011-1945

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

2.6CVSS7.7AI score0.0343EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:34 p.m.•37 views

K94105604: Linux kernel vulnerability CVE-2015-7872

Security Advisory Description The keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service OOPS via crafted keyctl commands. CVE-2015-7872 Impact A local user may be able to cause a denial-of-service DoS attack on the system ...

2.1CVSS6AI score0.00508EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 7:34 p.m.•37 views

K30502720: Apache Tomcat vulnerability CVE-2021-41079

Security Advisory Description Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop...

7.5CVSS7.5AI score0.07182EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:32 p.m.•37 views

K5725: pam_ldap password policy control vulnerability CAN-2005-2641

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.4AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:31 p.m.•37 views

K16320: OpenSSL vulnerability CVE-2015-0289

Security Advisory Description Description The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and...

5CVSS6.9AI score0.0837EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:30 p.m.•37 views

K17475: Linux kernel vulnerability CVE-2015-5707

Security Advisory Description Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request. CVE-2015-5707...

4.6CVSS7.4AI score0.00493EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:30 p.m.•37 views

K24202220: OpenJDK vulnerability CVE-2019-2894

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.8AI score0.03159EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•37 views

K15552: MIT Kerberos 5 vulnerability CVE-2014-4341

Security Advisory Description MIT Kerberos 5 aka krb5 before 1.12.2 allows remote attackers to cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4341 Impact A remote attacker may be able to cause a denial of...

5CVSS8.1AI score0.07138EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•37 views

K12650: PHP vulnerability CVE-2010-4645

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS9AI score0.15103EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•37 views

K16946: Boost memory allocator vulnerability CVE-2012-2677

Security Advisory Description Integer overflow in the orderedmalloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to ...

5CVSS9AI score0.03889EPSS
Exploits1Affected Software19
Total number of security vulnerabilities5000