Lucene search
K

6396 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•36 views

K27617652: BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335

Security Advisory Description When APM is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended messa...

5.9CVSS6AI score0.01427EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•36 views

K26311635: Wget vulnerability CVE-2017-6508

Security Advisory Description CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVE-2017-6508 Impact A remote attacker may be able to inject arbitrary...

6.1CVSS6.8AI score0.03086EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•36 views

K23439402: Debian package management system vulnerability CVE-2022-1664

Security Advisory Description Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a...

9.8CVSS9.2AI score0.02871EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•36 views

K75501541: MySQL vulnerabilities CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, and CVE-2019-2495

Security Advisory Description CVE-2019-2481 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attack...

6.5CVSS5.5AI score0.03211EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K24593421: Oracle Java SE vulnerability CVE-2018-2798

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...

5.3CVSS4.3AI score0.078EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K51428664: QEMU vulnerability CVE-2018-11806

Security Advisory Description mcat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVE-2018-11806 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

8.2CVSS7.7AI score0.00823EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K92616530: Samba vulnerability CVE-2015-5296

Security Advisory Description Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream...

5.4CVSS6.5AI score0.07263EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K42944216: Erlang vulnerability CVE-2017-1000385

Security Advisory Description The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS 1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key this is a variation of the Bleichenbacher attack...

5.9CVSS6AI score0.22098EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K19194273: MySQL vulnerabilities CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, and CVE-2019-2789

Security Advisory Description CVE-2019-2778 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with...

5.5CVSS4.9AI score0.02532EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K55792317: BIG-IP management vulnerability CVE-2016-9250

Security Advisory Description In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. CVE-2016-9250 Impact An unauthenticated user with access to the...

7.5CVSS7.6AI score0.00902EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K04225025: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342

Security Advisory Description CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnpprint. CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootpprint. CVE-2017-5204 The IPv6 parser in tcpdump before 4.9...

9.8CVSS8.6AI score0.05997EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K72376285: Poppler vulnerability CVE-2017-18267

Security Advisory Description The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 Impact There is no impact; F5 products are not...

5.5CVSS5.8AI score0.01913EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K52167636: TMM vulnerability CVE-2017-6153

Security Advisory Description Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. CVE-2017-6153 Impact BIG-IP systems deployed in Forward Proxy mode with the...

5.3CVSS5.6AI score0.01719EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K36984830: Gdk-pixbuf vulnerability CVE-2017-2862

Security Advisory Description An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this...

8.8CVSS8.7AI score0.04599EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•36 views

K21512823: MySQL vulnerabilities CVE-2018-2645, CVE-2018-2646, CVE-2018-2647, CVE-2018-2665, and CVE-2018-2667

Security Advisory Description CVE-2018-2645 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Performance Schema. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with...

7.5CVSS6.7AI score0.03952EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•36 views

K17238: Node.js vulnerability CVE-2015-5380

Security Advisory Description The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows...

7.5CVSS8.4AI score0.02995EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•36 views

K19012930: TMM GTP vulnerability CVE-2021-23048

Security Advisory Description When GPRS Tunneling Protocol GTP iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23048. Impact Traffic is disrupted while the TMM process restarts. Th...

7.5CVSS7.4AI score0.00961EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•36 views

K17494: PAM vulnerability CVE-2015-3238

Security Advisory Description The unixrunhelperbinary function in the pamunix module in Linux-PAM aka pam before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service hang via a large password. CVE-2015-3238 Impact This vulnerabili...

6.5CVSS6AI score0.02705EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:50 p.m.•36 views

K91240217: Linux kernel vulnerability CVE-2019-19076

Security Advisory Description A memory leak in the nfpabmu32knodereplace function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service memory consumption, aka CID-78beef629fd9. CVE-2019-19076 Impact There is no impact; F5...

7.1CVSS6.4AI score0.03171EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•36 views

K45593826: LibTIFF vulnerabilities CVE-2015-8870, CVE-2016-5652, CVE-2016-9536, CVE-2016-9537, and CVE-2016-9540

Security Advisory Description CVE-2015-8870 Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service heap-based buffer over-read, or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or...

9.8CVSS9.3AI score0.04298EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•36 views

K16865: GNU C Library (glibc) vulnerability CVE-2015-1781

Security Advisory Description A buffer overflow flaw was found in the way glibc's gethostbynamer and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could u...

9.1AI score
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•36 views

K24358905: BIG-IP AFM virtual server vulnerability CVE-2022-23018

Security Advisory Description When a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23018 Impact Traffic is disrupted while the TMM process restarts. This...

7.5CVSS7.6AI score0.0092EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•36 views

K57774767: Linux kernel vulnerability CVE-2021-45469

Security Advisory Description In f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. CVE-2021-45469 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

7.8CVSS6.4AI score0.00549EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•36 views

K04234247: Resource Administrator or Administrator role authenticated local command execution vulnerability CVE-2021-23012

Security Advisory Description Lack of input validation for items used in system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. CVE-2021-23012 Impact In a standard BIG-IP deployment, a minor...

8.2CVSS8.4AI score0.00273EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•36 views

K35135935: Side-channel processor vulnerability CVE-2018-9056 (BranchScope)

Security Advisory Description Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table PHT, aka...

5.6CVSS5.4AI score0.00696EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•36 views

K12445504: Intel CSME vulnerabilities CVE-2020-0541, CVE-2020-0542, CVE-2020-0545

Security Advisory Description CVE-2020-0541 Out-of-bounds write in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-0542 Improper buffer restrictions in subsystem fo...

7.8CVSS6.3AI score0.00396EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•36 views

K95117754: TMM vulnerability CVE-2019-6684

Security Advisory Description Under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing vCMP may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of...

7.5CVSS7.5AI score0.01044EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•36 views

K51473743: MySQL Server C API vulnerability CVE-2017-3650

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: C API. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS4.1AI score0.02152EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K52206731: BIG-IP APM portal access vulnerability CVE-2018-15324

Security Advisory Description TMM may restart when processing a specially crafted request with APM portal access. CVE-2018-15324 Impact A remote attacker may be able to cause a traffic disruption or cause the BIG-IP system to fail over to a peer device in the device group if configured for high...

5.9CVSS5.9AI score0.0127EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K55133295: cURL and libcurl vulnerability CVE-2019-5436

Security Advisory Description A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. CVE-2019-5436 Impact An attacker could cause a denial of service DoS or arbitrary code execution, if you use cURL to transfer data ...

7.8CVSS7.3AI score0.49739EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K16445454: Vanilla Forums vulnerability CVE-2016-10073

Security Advisory Description The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request...

7.5CVSS7.6AI score0.83614EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K14614344: libxml2 vulnerability CVE-2016-1840

Security Advisory Description Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...

7.8CVSS7.8AI score0.03239EPSS
Exploits1Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K11330536: BIG-IP Appliance mode vulnerability CVE-2019-6635

Security Advisory Description When the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions. CVE-2019-6635 Impact BIG-IP This vulnerability allows local attackers with high-level privileges to...

4.4CVSS4.8AI score0.00379EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K67501282: Overview of F5 vulnerabilities (June 2021)

Security Advisory Description On June 1, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated Security Advisory article...

9CVSS7.2AI score0.05346EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K53330207: GnuTLS vulnerability CVE-2014-8155

Security Advisory Description GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is 1 not yet valid or 2 no longer valid. CVE-2014-8155 Impact GnuT...

4.3CVSS7.4AI score0.01046EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•36 views

K24353255: Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607

Security Advisory Description CVE-2018-18605 A heap-based buffer over-read issue was discovered in the function secmergehashlookup in merge.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, because bfdaddmergesection mishandles section merges when size i...

5.5CVSS6.4AI score0.0232EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•36 views

K29500533: TMUI XSS vulnerability CVE-2022-23013

Security Advisory Description A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-23013 Impact An attacker may exploit this...

8.8CVSS7.7AI score0.00797EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•36 views

K64944965: Linux kernel vulnerability CVE-2019-19075

Security Advisory Description A memory leak in the ca8210probe function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service memory consumption by triggering ca8210getplatformdata failures, aka CID-6402939ec86e. CVE-2019-19075 Impact...

7.8CVSS7.1AI score0.03989EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•36 views

K26899353: libcurl vulnerability CVE-2016-8621

Security Advisory Description The curlgetdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. CVE-2016-8621 Impact Custom monitors or shell scripts using curl to download content with a malformed time stamp may be...

7.5CVSS7.5AI score0.04927EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•36 views

K16383: Linux RPM vulnerability CVE-2013-6435

Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...

7.6CVSS8AI score0.07669EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•36 views

K02663161: BIND vulnerability CVE-2020-8622

Security Advisory Description In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a...

6.5CVSS6.9AI score0.05545EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•36 views

K03165684: vCMP vulnerability CVE-2018-5518

Security Advisory Description Malicious root users with access to a vCMP guest can disrupt service on adjacent vCMP guests running on the same host. Exploiting this vulnerability causes the vcmpd process on the adjacent vCMP guest to restart and produce a core file. This issue is only exploitable...

5.4CVSS5.4AI score0.00427EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:31 p.m.•36 views

K54470776: MySQL vulnerabilities CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, and CVE-2019-2593

Security Advisory Description CVE-2019-2585 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.1AI score0.0235EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:30 p.m.•36 views

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...

4.3CVSS5.3AI score0.10913EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•36 views

K16108: BIND vulnerability CVE-2014-8680

Security Advisory Description The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

5.4CVSS7.4AI score0.08987EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•36 views

K15892: Oracle Database Server vulnerabilities CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, and CVE-2014-4245

Security Advisory Description CVE-2013-3751 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3774 Unspecified...

9CVSS6.1AI score0.03672EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:28 p.m.•36 views

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

2.6CVSS6.8AI score0.19036EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•36 views

K8420: ClamAV buffer overflow vulnerabilities - CVE-2007-6335, CVE-2007-6336

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7.5CVSS9.6AI score0.18382EPSS
Exploits4
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•36 views

K16878: PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149

Security Advisory Description Description CVE-2011-3148 Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces...

4.6CVSS7.1AI score0.00696EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:20 p.m.•36 views

K45427159: NTP authentication bypass vulnerability CVE-2016-1551

Security Advisory Description ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, an...

3.7CVSS6.2AI score0.02233EPSS
Exploits1Affected Software22
Total number of security vulnerabilities5000