Lucene search
K

6392 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•32 views

K04572666: systemd vulnerability CVE-2020-13776

Security Advisory Description systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete...

6.7CVSS6.2AI score0.00464EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•32 views

K32157421: MySQL vulnerability CVE-2016-3495

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVE-2016-3495 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...

6.8CVSS4.5AI score0.02703EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:53 p.m.•32 views

K54358225: BIG-IP APM Portal Access vulnerability CVE-2017-0301

Security Advisory Description In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources,...

7.6CVSS7.7AI score0.00535EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•32 views

K51182024: libxml2 2.7.8 vulnerability CVE-2010-4494

Security Advisory Description Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

7.5CVSS7.9AI score0.07533EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:52 p.m.•32 views

K63163637: BIG-IP TMUI vulnerability CVE-2021-23043

Security Advisory Description A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. CVE-2021-23043 Impact An authenticated attacker may exploit this vulnerability by sending a crafted request to the...

6.5CVSS6.4AI score0.01994EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:49 p.m.•32 views

K64343470: Linux kernel vulnerability CVE-2017-6874

Security Advisory Description Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that cause...

7CVSS6.3AI score0.00263EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•32 views

K23205024: MySQL Server Optimizer vulnerability CVE-2022-21438

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.9CVSS5.1AI score0.01252EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:48 p.m.•32 views

K16861: BIG-IQ remote authentication vulnerability CVE-2015-4637

Security Advisory Description When remote authentication is configured on the BIG-IQ system for a LDAP server that allows anonymous BIND operations, a unauthenticated user may obtain an authentication token from the REST API for any known or guessed LDAP user account and will receive all the acce...

4.3CVSS6.9AI score0.01141EPSS
Exploits0Affected Software4
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•32 views

K33211839: TMM vulnerability CVE-2018-5500

Security Advisory Description Every Multipath TCP MCTCP connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP MCTCP feature enabled will be affected by this issue. CVE-2018-5500 Impact Over a period of time, the memory leak may lead to memory...

5.9CVSS5.9AI score0.0137EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•32 views

K04712583: Linux kernel vulnerability CVE-2021-40490

Security Advisory Description A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. CVE-2021-40490 Impact An attacker may be able to access shared resources by way of untrusted code sequences. Security Advisory...

7CVSS7.1AI score0.00303EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•32 views

K09208133: CUPS Vulnerabilities CVE-2018-4180, CVE-2018-4181

Security Advisory Description CVE-2018-4180 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. CVE-2018-4181 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access...

7.8CVSS6AI score0.00454EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•32 views

K44553214: Web application firewall vulnerability CVE-2021-23050

Security Advisory Description When a cross-site request forgery CSRF-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. CVE-2021-23050 Impact Traffic is disrupted until the bd process restarts. This vulnerability allows a remote...

7.5CVSS7.4AI score0.00468EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
•added 2023/02/21 6:47 p.m.•32 views

K90305959: Intel processor diagnostic tool vulnerability CVE-2019-11133

Security Advisory Description Improper access control in the IntelR Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. CVE-2019-11133 Impact There is no...

7.8CVSS7.3AI score0.00411EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•32 views

K26455071: BIG-IP HSB vulnerability CVE-2019-6604

Security Advisory Description Under certain conditions, hardware systems with a High-Speed Bridge HSB using non-default Layer 2 forwarding configurations may experience a lockup of the HSB. CVE-2019-6604 This vulnerability occurs when all of the following conditions are met: A VLAN group is...

6.8CVSS6.5AI score0.01017EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:46 p.m.•32 views

K61757346: BIG-IP Azure cloud vulnerability CVE-2017-6131

Security Advisory Description In some circumstances, a BIG-IP Azure cloud instance may contain a default administrative password which can be used to remotely log in to the BIG-IP system. The affected administrative account is the Azure instance administrative user created at deployment. The root...

9.8CVSS9.6AI score0.01141EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K10930474: TMM vulnerability CVE-2017-6155

Security Advisory Description Malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. CVE-2017-6155 Impact An attacker may be able to disrupt traff...

7.5CVSS7.5AI score0.01321EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K94552980: Intel product vulnerabilities CVE-2020-0550 and CVE-2020-0551

Security Advisory Description CVE-2020-0550 Improper data forwarding in some data cache for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330:...

5.6CVSS5.2AI score0.0104EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K20281756: Libgcrypt vulnerability CVE-2017-7526

Security Advisory Description libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately mo...

6.8CVSS6.5AI score0.03885EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K01002228: Linux kernel vulnerability CVE-2020-11725

Security Advisory Description DISPUTED sndctlelemadd in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-owner line, which later affects a privatesizecount multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it cou...

7.8CVSS6.6AI score0.00511EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K00025388: BIG-IP TMM AWS vulnerability CVE-2020-5856

Security Advisory Description While processing specifically crafted traffic using the default 'xnet' driver, BIG-IP Virtual Edition VE instances hosted in Amazon Web Services AWS may experience a Traffic Management Microkernel TMM restart. CVE-2020-5856 Impact A remote attacker may be able to...

7.5CVSS7.5AI score0.01044EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:35 p.m.•32 views

K24311131: MySQL vulnerability CVE-2016-3492

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. CVE-2016-3492 Impact There is no impact; F5 products are not...

6.8CVSS6.4AI score0.06499EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•32 views

K00265182: Custom monitor privilege escalation vulnerability CVE-2016-5020

Security Advisory Description F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification EAV monitor script. CVE-2016-5020 Impact An...

9CVSS8.5AI score0.03428EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•32 views

K13028514: NGINX Controller webserver vulnerability CVE-2020-5894

Security Advisory Description The NGINX Controller webserver does not invalidate the server-side session token after users log out. CVE-2020-5894 Impact An attacker that successfully extracted a valid session token can use it before it expires on the server-side, even if the valid user has logged...

8.1CVSS8.2AI score0.01019EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:34 p.m.•32 views

K37683194: Poppler vulnerability CVE-2018-13988

Security Advisory Description Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim...

6.5CVSS6.3AI score0.0315EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:32 p.m.•32 views

K62750376: RADIUS authentication vulnerability CVE-2018-5515

Security Advisory Description Using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. CVE-2018-5515 Impact BIG-IP When a BIG-IP system receives a RADIUS authentication response from a IPv6 RADIUS server, the affected syst...

6.3CVSS5.2AI score0.03229EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:28 p.m.•32 views

K17201: Apache HTTP server vulnerability CVE-2008-0455

Security Advisory Description Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitra...

4.3CVSS5.7AI score0.6477EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•32 views

K16877: libuser vulnerability CVE-2011-0002

Security Advisory Description Description libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. CVE-2011-0002 Impact None. F5 products are not affected by this...

6.4CVSS6.4AI score0.0379EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 6:26 p.m.•32 views

K21230183: NTP vulnerability CVE-2015-7976

Security Advisory Description The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 Impact A remote user who uses the ntp...

4.3CVSS6.3AI score0.03512EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 6:25 p.m.•32 views

K17159: PAM vulnerability CVE-2009-2410

Security Advisory Description The localhandlercallback function in server/responder/pam/pamLOCALdomain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in...

7.5CVSS6.5AI score0.01979EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 6:8 p.m.•32 views

K17170: Java vulnerability CVE-2015-4736

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-4736 Impact There is no impact; F5 products are not affected by this...

9.3CVSS4.4AI score0.04455EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•32 views

K53183580: TMM FastL4 vulnerability CVE-2019-6680

Security Advisory Description While processing traffic through a standard virtual server that targets a FastL4 virtual server VIP on VIP, hardware appliances may stop responding. CVE-2019-6680 Impact This vulnerability allows remote attackers to cause a denial of service DoS on the BIG-IP system...

7.8CVSS7.4AI score0.01062EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 6:6 p.m.•32 views

K03244804: XML vulnerability CVE-2017-9233

Security Advisory Description XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVE-2017-9233 Impact BIG-IP Administrative interfaces,...

7.5CVSS8.6AI score0.09051EPSS
Exploits1Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:4 p.m.•32 views

K51324410: SAMBA vulnerabilities CVE-2015-7560 and CVE-2016-0771

Security Advisory Description CVE-2015-7560 The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then usin...

6.5CVSS6.4AI score0.12938EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:3 p.m.•32 views

K75136237: Privilege escalation vulnerability CVE-2015-7393

Security Advisory Description dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0...

7.4CVSS7.6AI score0.0034EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 5:28 p.m.•32 views

K14132811: Java vulnerability CVE-2015-4893

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. CVE-2015-4893...

5CVSS6.3AI score0.05288EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/10 8:57 p.m.•32 views

K000132492: SQLite vulnerability CVE-2022-46908

Security Advisory Description SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Impact There is no impact; F5 produc...

7.3CVSS6.4AI score0.00425EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/01/25 10:11 p.m.•32 views

K000132245: libpng vulnerability CVE-2019-7317

Security Advisory Description pngimagefree in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because pngimagefreefunction is called under pngsafeexecute. CVE-2019-7317 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

5.3CVSS7.7AI score0.09393EPSS
Exploits3
F5 Networks
F5 Networks
•added 2022/12/31 12:56 a.m.•32 views

K32196386: Linux kernel vulnerability CVE-2019-19447

Security Advisory Description In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in fs/ext4/super.c, related to dumporphanlist in fs/ext4/super.c. CVE-2019-19447 Impact There is no impact; F...

7.8CVSS6.8AI score0.03539EPSS
Exploits1
F5 Networks
F5 Networks
•added 2022/12/16 7:12 p.m.•32 views

K000130240: Intel BIOS vulnerability CVE-2022-26006

Security Advisory Description Improper input validation in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-26006 Impact A local attacker logged in as a privileged user can exploit the vulnerability t...

8.2CVSS6.8AI score0.00193EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2016/11/04 12:0 a.m.•32 views

SOL58243048 - Considerations for transferring files from F5 devices

Vulnerability Description The BIG-IP system uses Secure Vault, a secure SSL-encrypted storage system, to securely store sensitive data such as SSL key passphrases, users, and administrator and services passwords. However, files transferred from an F5 device may contain sensitive information such ...

0.3AI score
Exploits0References6
F5 Networks
F5 Networks
•added 2016/11/04 12:0 a.m.•32 views

SOL02026963 - LibTIFF vulnerability CVE-2016-3632

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.8CVSS2.8AI score0.03123EPSS
Exploits0References4
F5 Networks
F5 Networks
•added 2016/08/10 12:0 a.m.•32 views

SOL10133477 - BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.5AI score0.02267EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2016/08/10 12:0 a.m.•32 views

SOL12401251 - BIG-IP file validation vulnerability CVE-2015-8022

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.5CVSS1.9AI score0.02674EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2016/06/08 12:0 a.m.•32 views

SOL00265182 - Custom monitor privilege escalation vulnerability CVE-2016-5020

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

9CVSS2.7AI score0.03428EPSS
Exploits0References8
F5 Networks
F5 Networks
•added 2016/05/23 12:0 a.m.•32 views

SOL35424631 - OpenSSH vulnerability CVE-2016-1907

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5.3CVSS0.9AI score0.14341EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/12/16 12:0 a.m.•32 views

SOL34250741 - BIND vulnerability CVE-2015-8000

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS1.3AI score0.5469EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/09/27 12:0 a.m.•32 views

SOL17330 - GnuTLS vulnerability CVE-2015-3308

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.8AI score0.03921EPSS
Exploits0References2
F5 Networks
F5 Networks
•added 2015/09/15 12:0 a.m.•32 views

SOL17267 - XSS vulnerability in Apache CVE-2002-0840

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.5CVSS2.4AI score0.94006EPSS
Exploits0References3
F5 Networks
F5 Networks
•added 2015/08/25 12:0 a.m.•32 views

SOL17174 - OpenJDK vulnerability CVE-2015-4733

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

10CVSS2.4AI score0.05766EPSS
Exploits0References2
F5 Networks
F5 Networks
•added 2015/07/09 12:0 a.m.•32 views

SOL16939 - Multiple Wireshark vulnerabilities

CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVE-2014-6422 The SDP dissector ...

5CVSS7.2AI score0.03375EPSS
Exploits0References3
Total number of security vulnerabilities5000