Lucene search
K

6395 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:55 p.m.•35 views

K26311635: Wget vulnerability CVE-2017-6508

Security Advisory Description CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVE-2017-6508 Impact A remote attacker may be able to inject arbitrary...

6.1CVSS6.8AI score0.03086EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K21595932: Samba vulnerability CVE-2018-1057

Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...

8.8CVSS7.4AI score0.10308EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K75269595: QEMU vulnerability CVE-2015-5166

Security Advisory Description Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. CVE-2015-5166 Impact There is no impact; F5 products are not...

7.2CVSS8.3AI score0.00426EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K71891773: BIG-IP APM VPN vulnerability CVE-2021-23002

Security Advisory Description The session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. CVE-2021-23002 Impact An attacker with privileges to view the command line ...

4.5CVSS5.5AI score0.00339EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K55539088: Intel SSD vulnerabilities CVE-2020-0584, CVE-2020-12309, CVE-2020-12310, CVE-2020-12311

Security Advisory Description CVE-2020-0584 Buffer overflow in firmware for IntelR SSD DC P4800X and P4801X Series, IntelR OptaneTM SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. CVE-2020-12309 Insufficiently protected...

6.2CVSS4.3AI score0.00352EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K37890841: BIG-IP APM logging disclosure vulnerability CVE-2019-19150

Security Advisory Description The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated...

4.9CVSS5AI score0.00828EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K69662152: Grep vulnerability CVE-2012-5667

Security Advisory Description Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. CVE-2012-5667 Impact This vulnerability allows unauthorized...

4.4CVSS9.5AI score0.01022EPSS
Exploits6Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K16101409: BIG-IP AFM vulnerability CVE-2022-23028

Security Advisory Description When global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. CVE-2022-23028 Impact This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...

5.3CVSS5.4AI score0.00889EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K61095244: Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756

Security Advisory Description CVE-2020-8705 Insecure default initialization of resource in IntelR Boot Guard in IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 3.1.80 and 4.0.30, IntelR SPS versions before...

7.8CVSS6.9AI score0.00518EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:54 p.m.•35 views

K89509323: REST Framework vulnerability CVE-2019-6651

Security Advisory Description The BIG-IP/BIG-IQ Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6651 Impact The Configuration utility login page returns an inconsistent HTTP response when processing modified requests which may...

5.3CVSS5.5AI score0.01102EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•35 views

K55922302: XSS in F5 WebSafe Dashboard vulnerability CVE-2016-5236

Security Advisory Description Cross-Site-Scripting XSS vulnerabilities in F5 WebSafe Dashboard allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. CVE-2016-5236 Impact An attacker with a privileged account may be able to inje...

5.4CVSS5.3AI score0.00636EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•35 views

K32460441: OpenSSL vulnerabilities CVE-2016-7053 and CVE-2016-7054

Security Advisory Description CVE-2016-7053 In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the...

7.5CVSS7.7AI score0.32389EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•35 views

K73122539: Java vulnerability CVE-2018-2790

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacke...

3.1CVSS3.3AI score0.05095EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•35 views

K96924184: BIG-IP HTTP profile vulnerability CVE-2022-23022

Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23022 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated...

7.5CVSS7.4AI score0.0092EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•35 views

K41774512: Intel CPU vulnerabilities CVE-2020-0528, CVE-2020-0529

Security Advisory Description CVE-2020-0528 Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation IntelR CoreTM Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. CVE-2020-0529...

7.8CVSS7.7AI score0.00345EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:51 p.m.•35 views

K81732330: Poppler vulnerability CVE-2013-4473

Security Advisory Description Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a source filename. CVE-2013-4473 Impact There is no impact; F5...

7.5CVSS8.1AI score0.07126EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•35 views

K86162657: Intel Linux Bluetooth Drivers vulnerabilities CVE-2020-12321, CVE-2020-12322

Security Advisory Description CVE-2020-12321 Improper buffer restriction in some IntelR Wireless BluetoothR products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12322 Improper input validation in some IntelR...

8.8CVSS7.7AI score0.0097EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•35 views

K11818407: REST Framework vulnerability CVE-2019-6602

Security Advisory Description The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide...

7.5CVSS7.7AI score0.01779EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•35 views

K42793451: MySQL vulnerabilities CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, and CVE-2019-2681

Security Advisory Description CVE-2019-2634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure...

5.1CVSS4.9AI score0.02415EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•35 views

K14386: BIND vulnerability CVE-2013-2266

Security Advisory Description libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service memory consumption via a crafted regular expression, as demonstrated by a...

7.8CVSS6.7AI score0.42851EPSS
Exploits1Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•35 views

K38016814: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214

Security Advisory Description CVE-2016-5116 gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer...

9.1CVSS7.2AI score0.06805EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•35 views

K43540241: MySQL vulnerabilities CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, and CVE-2019-2626

Security Advisory Description CVE-2019-2620 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...

5.3CVSS5.1AI score0.02232EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•35 views

K17327: GnuTLS RSA PKCS signature vulnerability CVE-2015-0282

Security Advisory Description GnuTLS before 3.1.0 does not verify that the RSA PKCS 1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVE-2015-0282 Impact This vulnerability may allow remot...

5CVSS7.6AI score0.01397EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•35 views

K16576941: ISC BIND vulnerability CVE-2018-5737

Security Advisory Description A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching...

7.5CVSS6.1AI score0.10355EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•35 views

K97002210: NGINX Controller vulnerability CVE-2021-23018

Security Advisory Description Intra-cluster communication does not use TLS. The services within the NGINX Controller namespace are using cleartext protocols inside the cluster. CVE-2021-23018 Impact Attackers with access to cluster may have the ability to read and modify the data being sent betwe...

7.4CVSS7.2AI score0.00544EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•35 views

K14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024

Security Advisory Description The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. CVE-2013-6024 Impact An attacker with sufficient local privileges on a client machine running...

4.4CVSS6.6AI score0.00357EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•35 views

K51473743: MySQL Server C API vulnerability CVE-2017-3650

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: C API. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS4.1AI score0.02152EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•35 views

K06635145: BIG-IP Edge Client session ID vulnerability

Security Advisory Description BIG-IP Edge Client exposes the current session ID as part of the request URI when sending Keep-Alive' requests over an SSL channel. This approach can lead to exploit vulnerabilities in man-in-the-middle MITM SSL terminating proxies, which log the complete URI in thei...

6.5AI score
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•35 views

K25353544: libidn vulnerability CVE-2016-6263

Security Advisory Description The stringpreputf8nfkcnormalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via crafted UTF-8 data. CVE-2016-6263 Impact This vulnerability may allow attackers to cause a...

7.5CVSS7.6AI score0.0391EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•35 views

K14614344: libxml2 vulnerability CVE-2016-1840

Security Advisory Description Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...

7.8CVSS7.8AI score0.03239EPSS
Exploits1Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•35 views

K55625065: MySQL vulnerability CVE-2016-5624

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-5624 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

6.5CVSS6.5AI score0.04625EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K15479471: Mozilla NSS vulnerability CVE-2016-2834

Security Advisory Description Mozilla Network Security Services NSS before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact via unknown vectors. CVE-2016-2834 Impact...

9.3CVSS9AI score0.0338EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K52950150: CUPS vulnerability CVE-2014-9679

Security Advisory Description Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CVE-2014-9679 Impact There is no impact; F5...

6.8CVSS8.2AI score0.04633EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K23675185: Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432

Security Advisory Description CVE-2016-3094 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught...

9.1CVSS6.8AI score0.08148EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K10630493: Apache Tomcat vulnerability CVE-2018-8020

Security Advisory Description Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing...

7.4CVSS7AI score0.04199EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K08613310: BIND vulnerability CVE-2017-3145

Security Advisory Description BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. CVE-2017-3145 Impact BIG-IP A remote attacker can use this flaw to make...

7.5CVSS7.2AI score0.27725EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K48220300: libxml2 vulnerability CVE-2016-1836

Security Advisory Description Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML...

5.5CVSS6.7AI score0.03926EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K63427774: Multiple Oracle Java SE vulnerabilities

Security Advisory Description CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. CVE-2016-5554 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and...

9.6CVSS7.2AI score0.05437EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K10092301: BIND vulnerability CVE-2019-6471

Security Advisory Description A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 developmen...

5.9CVSS6.2AI score0.03271EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K42378447: IPsec IKEv1 vulnerability CVE-2018-5389

Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...

5.9CVSS6.1AI score0.03038EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K16383: Linux RPM vulnerability CVE-2013-6435

Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...

7.6CVSS8AI score0.07669EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K51392553: libpixman vulnerability CVE-2013-1591

Security Advisory Description Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fastcompositescaledbilinear functi...

10CVSS9.6AI score0.03626EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K16852653: TMM vulnerability CVE-2022-32455

Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel TMM to terminate. CVE-2022-32455 Impact Traffic is disrupte...

7.5CVSS7.7AI score0.00453EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K14574: PHP vulnerability CVE-2012-1172

Security Advisory Description PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it...

5.8CVSS9.2AI score0.06365EPSS
Exploits2Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•35 views

K30552262: GhostScript vulnerabilities CVE-2013-5653, CVE-2016-7977, CVE-2016-7979, and CVE-2016-8602

Security Advisory Description CVE-2013-5653 The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. CVE-2016-7977 Ghostscript before 9.21 might allow remote attackers to bypass the SAFER...

9.8CVSS8.3AI score0.06419EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•35 views

K23203045: BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014

Security Advisory Description BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API, which might allow authenticated users with guest privileges to upload files. CVE-2021-23014 Impact If an attacker has network access to the BIG-...

8.8CVSS8.3AI score0.00804EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 6:30 p.m.•35 views

K15493: OpenSSH vulnerability CVE-2006-5229

Security Advisory Description OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid one...

2.6CVSS5.8AI score0.54212EPSS
Exploits9
F5 Networks
F5 Networks
•added 2023/02/21 6:30 p.m.•35 views

K10674: Netscape reuse cipher change bug - Qualsys QID 38284

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

6.4AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•35 views

K92800352: NTP vulnerability CVE-2016-4953

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service ephemeral-association demobilization by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. CVE-2016-4953 Impact There is no impact; F5 products...

7.5CVSS7AI score0.17245EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:29 p.m.•35 views

K33820305: runc vulnerability CVE-2021-30465

Security Advisory Description runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack th...

8.5CVSS6.7AI score0.06604EPSS
Exploits0
Total number of security vulnerabilities5000