Lucene search
K

6396 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•37 views

K77671456: BIG-IP TMM vulnerability CVE-2018-5510

Security Advisory Description The Traffic Management Microkernel TMM may restart when processing a specific sequence of packets on IPv6 virtual servers. CVE-2018-5510 Note : This vulnerability does not affect IPv4 virtual servers. Impact The Traffic Management Microkernel TMM generates a core fil...

7.5CVSS7.5AI score0.01054EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:28 p.m.•37 views

K39794285: The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant)

Security Advisory Description The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP system receives a specially crafted HTTP reques...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:27 p.m.•37 views

K8424: Java Runtime Environment Vulnerability - CVE-2008-0657

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.6AI score0.02839EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:20 p.m.•37 views

K24613253: NTP vulnerability CVE-2016-2516

Security Advisory Description NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service ntpd abort by using the same IP address multiple times in an unconfig directive. CVE-2016-2516 Impact An attacker may be able to compromise the...

7.1CVSS6.6AI score0.08948EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 6:18 p.m.•37 views

K62655427: libjpeg-turbo vulnerability CVE-2013-6630

Security Advisory Description The getdht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table DHT JPEG...

5CVSS7AI score0.02131EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 6:14 p.m.•37 views

K22216037: TMM vulnerability CVE-2016-9245

Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules...

5.9CVSS6AI score0.01377EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 6:13 p.m.•37 views

K15169: PHP vulnerability CVE-2013-4113

Security Advisory Description ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct...

6.8CVSS9.9AI score0.05186EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:12 p.m.•37 views

K15305: OpenSSL vulnerability CVE-2004-0975

Security Advisory Description The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. CVE-2004-0975 Impact None. F5 products are not affected by this vulnerability...

2.1CVSS5.6AI score0.00415EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:12 p.m.•37 views

K16355: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2015-0382 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. CVE-2015-0381...

4.3CVSS6.1AI score0.10066EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:10 p.m.•37 views

K15984: Linux kernel vulnerability CVE-2013-7265

Security Advisory Description The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory...

4.9CVSS5.8AI score0.00461EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•37 views

K54167061: TMM SSL profile vulnerability CVE-2019-6592

Security Advisory Description TMM may restart and produce a core file when validating SSL certificates in Client SSL or Server SSL profiles. CVE-2019-6592 Impact BIG-IP The Traffic Management Microkernel TMM may restart and temporarily fail to process traffic. BIG-IQ, Enterprise Manager, F5...

9.1CVSS9.1AI score0.01037EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•37 views

K35195140: BIG-IQ Access Manager role vulnerability CVE-2017-6152

Security Advisory Description A local BIG-IQ user with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. CVE-2017-6152 Impact This vulnerability allows increased privileges for user accounts with the Access...

6.7CVSS6.5AI score0.0032EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•37 views

K83384802: glibc vulnerability CVE-2016-5417

Security Advisory Description Memory leak in the resvinit function in the IPv6 name server management code in libresolv in GNU C Library aka glibc or libc6 before 2.24 allows remote attackers to cause a denial of service memory consumption by leveraging partial initialization of internal resolver...

7.5CVSS7.5AI score0.03361EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 5:34 p.m.•37 views

K15095307: BDF parsing vulnerability CVE-2012-5669

Security Advisory Description The bdfparseglyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read...

4.3CVSS7.3AI score0.03857EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 4:17 p.m.•37 views

K14733: Apache HTTP server vulnerability CVE-2013-1896

Security Advisory Description moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavs...

4.3CVSS8.4AI score0.29484EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
•added 2023/02/08 7:2 p.m.•37 views

K000132457: ImageMagick vulnerability CVE-2022-44268

Security Advisory Description ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize, the resulting image could have embedded the content of an arbitrary. file if the magick binary has permissions to read it. CVE-2022-44268 Impact BIG-IP AAM, Edg...

6.5CVSS7.4AI score0.89855EPSS
Exploits28
F5 Networks
F5 Networks
•added 2022/12/31 3:6 a.m.•37 views

K68151373: IP Intelligence Feed List TMUI vulnerability CVE-2019-6636

Security Advisory Description On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. Th...

8.5CVSS8.5AI score0.00932EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2022/12/31 2:42 a.m.•37 views

K98008862: OpenLDAP vulnerability CVE-2019-13565

Security Advisory Description An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any...

7.5CVSS6.8AI score0.05015EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2016/11/21 12:0 a.m.•37 views

SOL11091514 - MySQL vulnerability CVE-2016-5626

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.5CVSS2.7AI score0.06045EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/11/15 12:0 a.m.•37 views

SOL37540306 - Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS2.4AI score0.02386EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/11/08 12:0 a.m.•37 views

SOL21485342 - Configuration utility CSRF vulnerability

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

1AI score
Exploits0References7Affected Software14
F5 Networks
F5 Networks
•added 2016/10/20 12:0 a.m.•37 views

SOL40496533 - PHP vulnerability CVE-2016-3132

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8CVSS2.5AI score0.11674EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/05/26 12:0 a.m.•37 views

SOL41613034 - NTP vulnerability CVE-2016-2519

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.9CVSS0.7AI score0.06865EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2016/05/25 12:0 a.m.•37 views

SOL45427159 - NTP authentication bypass vulnerability CVE-2016-1551

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

3.7CVSS1.9AI score0.02233EPSS
Exploits1References10
F5 Networks
F5 Networks
•added 2016/03/16 12:0 a.m.•37 views

SOL06223540 - F5 TCP vulnerability CVE-2015-8240

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.6AI score0.01765EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2015/10/15 12:0 a.m.•37 views

SOL17386 - vCMP DoS vulnerability CVE-2015-6546

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading the vCMP host to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than...

6.1CVSS1.9AI score0.00721EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2015/08/14 12:0 a.m.•37 views

SOL17115 - Multiple MySQL vulnerabilities

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column...

5.7CVSS0.7AI score0.09984EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2015/08/12 12:0 a.m.•37 views

SOL17114 - NTP vulnerability CVE-2015-5146

A flaw was found in the way ntpd processed certain remote configuration packets. CVE-2015-5146 - pending An attacker could use a specially crafted package to cause ntpd to become unresponsive when all of the following conditions are met: The ntpd configuration has enabled remote configuration. Th...

5.3CVSS6.1AI score0.04095EPSS
Exploits0References12
F5 Networks
F5 Networks
•added 2015/07/02 12:0 a.m.•37 views

SOL16882 - OpenLDAP vulnerability CVE-2013-4449

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

4.3CVSS3.5AI score0.10913EPSS
Exploits1References3
F5 Networks
F5 Networks
•added 2015/06/04 12:0 a.m.•37 views

SOL16718 - libTIFF vulnerability CVE-2010-2596

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

4.3CVSS0.8AI score0.02239EPSS
Exploits1References13
F5 Networks
F5 Networks
•added 2015/04/24 12:0 a.m.•37 views

SOL16506 - NTP vulnerability CVE-2015-1799

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

4.3CVSS1.5AI score0.00902EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/02/12 12:0 a.m.•37 views

SOL16124 - OpenSSL vulnerability CVE-2015-0206

The SOD process is only vulnerable if the failover.secure db variable is enabled; the db variable is disabled by default. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed...

5CVSS1.3AI score0.59319EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2014/11/26 12:0 a.m.•37 views

SOL15878 - bzip2 vulnerability CVE-2010-0405

Recommended action BIG-IP and Enterprise Manager If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate...

5.1CVSS2AI score0.03297EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/10/23 12:0 a.m.•37 views

SOL15743 - BIND vulnerability CVE-2011-2465

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

2.6CVSS2.6AI score0.0888EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2014/09/04 12:0 a.m.•37 views

SOL15546 - glibc vulnerability CVE-2014-4043

Recommended Action None Supplemental Information CVE-2014-4043 SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5CVSS7.1AI score0.03922EPSS
Exploits3References5
F5 Networks
F5 Networks
•added 2014/04/03 12:0 a.m.•37 views

SOL15131 - BIND vulnerability CVE-2010-0218

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

5CVSS3.7AI score0.03572EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2009/12/22 12:0 a.m.•37 views

SOL10898 - DNSSEC BIND vulnerability - CVE-2009-4022

Vulnerability description and product information: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS...

2.6CVSS7.7AI score0.07952EPSS
Exploits1
F5 Networks
F5 Networks
•added 2024/11/20 11:47 p.m.•36 views

K000148646: libarchive vulnerability CVE-2018-1000879

Security Advisory Description libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards release v3.3.0 onwards contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archiveacl.c, archiveaclfromtextl that can result in Crash/DoS. This attack appear ...

6.5CVSS6.2AI score0.03367EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/08/30 8:23 a.m.•36 views

K000140901: glibc vulnerability CVE-2024-2961

Security Advisory Description The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

7.3CVSS7.2AI score0.8833EPSS
Exploits16
F5 Networks
F5 Networks
•added 2024/07/25 6:20 p.m.•36 views

K000140433: MySQL vulnerability CVE-2024-21176

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

5.3CVSS5AI score0.00696EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/07/03 8:30 p.m.•36 views

K000140251: Python vulnerabilities CVE-2022-48564 and CVE-2022-48566

Security Advisory Description CVE-2022-48564 readints in plistlib . py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVE-2022-48566 An issue was discovered in comparedigest in...

6.5CVSS7.1AI score0.01447EPSS
Exploits2
F5 Networks
F5 Networks
•added 2024/05/14 2:14 p.m.•36 views

K000139606: MySQL Server vulnerabiliity CVE-2024-21047

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.1AI score0.00928EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/05/08 1:9 p.m.•36 views

K000138894: BIG-IP Configuration utility XSS vulnerability CVE-2024-33604

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-33604 Impact An attacker may exploit this...

6.1CVSS5.5AI score0.00314EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2024/05/07 2:55 p.m.•36 views

K000139533: MySQL vulnerability CVE-2024-21090

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5CVSS6AI score0.00721EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/03/20 4:5 p.m.•36 views

K000138957: Libxml2 vulnerability CVE-2023-39615

Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that...

6.5CVSS7AI score0.00667EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2024/03/15 4:35 p.m.•36 views

K000138931: Intel CPU vulnerability CVE-2023-32666

Security Advisory Description On-chip debug and test interface with improper access control in some 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-32666 Impact There is...

7.2CVSS6.9AI score0.00153EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/02/14 1:19 p.m.•36 views

K000137595: BIG-IP AFM signature matching vulnerability CVE-2024-21771

Security Advisory Description For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel TMM restarting and traffic disruption. CVE-2024-21771 Impact When attackers exploit this...

7.5CVSS7.5AI score0.00515EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2024/02/07 4:56 p.m.•36 views

K000138517: Python-Pillow vulnerability CVE-2023-44271

Security Advisory Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an...

7.5CVSS6.5AI score0.01038EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/02/02 5:49 a.m.•36 views

K000138461: MIT Kerberos 5 vulnerability CVE-2023-39975

Security Advisory Description kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. CVE-2023-39975 Impact There is no impact...

8.8CVSS7.2AI score0.01229EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/12/12 7:49 p.m.•36 views

K000137887: Oracle GraalVM vulnerability CVE-2023-22091

Security Advisory Description Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3...

4.8CVSS3.9AI score0.00365EPSS
Exploits0
Total number of security vulnerabilities5000