Lucene search
K

6390 matches found

F5 Networks
F5 Networks
added 2016/05/23 12:0 a.m.31 views

SOL14340611 - Java vulnerability CVE-2013-5782

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS1.8AI score0.06295EPSS
Exploits0References8
F5 Networks
F5 Networks
added 2015/09/27 12:0 a.m.31 views

SOL17330 - GnuTLS vulnerability CVE-2015-3308

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS1.8AI score0.03921EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2015/08/14 12:0 a.m.31 views

SOL17124 - Linux kernel vulnerability CVE-2015-1465

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

7.8CVSS0.8AI score0.06511EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2015/07/02 12:0 a.m.31 views

SOL16880 - Libcap vulnerability CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVE-2011-4099...

4.6CVSS4.8AI score0.00379EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2015/07/01 12:0 a.m.31 views

SOL16843 - NAT-PMP vulnerability VU#184540

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

2.7AI score
Exploits0References3
F5 Networks
F5 Networks
added 2014/11/27 12:0 a.m.31 views

SOL15880 - Libpng vulnerability CVE-2008-6218

Recommended action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...

7.1CVSS1.4AI score0.02313EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2014/11/06 12:0 a.m.31 views

SOL15793 - PHP Posthandler vulnerability CVE-2014-3622

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

9.8CVSS2AI score0.03121EPSS
Exploits1References13
F5 Networks
F5 Networks
added 2011/08/02 12:0 a.m.31 views

SOL12998 - OpenSSL vulnerability CVE-2011-1945

The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

2.6CVSS7.1AI score0.0343EPSS
Exploits1
F5 Networks
F5 Networks
added 2007/09/04 12:0 a.m.31 views

SOL7854 - Web Applications Content Processing Scripts vulnerability

F5 Product Development tracked this issue as CR81839 and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes. Additionally, cumulative hotfix HF-552-10 has been issued for FirePass 5.5.2, cumulative hotfix HF-600-15 has been issued for FirePass 6.0...

0.7AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2007/05/16 12:0 a.m.31 views

SOL5873 - PAM conversation stack corruption in OpenSSH - CVE-2003-0787

Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

7.5CVSS9.2AI score0.0166EPSS
Exploits0
F5 Networks
F5 Networks
added 2005/07/20 12:0 a.m.31 views

SOL4809 - tcpdump vulnerabilities - CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280

F5 Networks Product Development tracked this issue as CR48152 and CR48153 and it was fixed in BIG-IP and 3-DNS version 4.5.13. This issue still exists in the BIG-IP and 3-DNS 4.6 software branch...

5CVSS4.7AI score0.18721EPSS
Exploits2
F5 Networks
F5 Networks
added 2026/03/30 12:41 a.m.30 views

K000160515: F5 System Scanner

Topic This article explains how to install and run the F5 System Scanner on BIG-IP and standard x8664 Linux systems. The F5 System Scanner supports the following BIG-IP versions hotfixes EHFs: BIG-IP versions released between October 2025 and May 5, 2026 EHFs released between October 2025 and Apr...

5.8AI score
Exploits0
F5 Networks
F5 Networks
added 2026/01/05 8:40 p.m.30 views

K000159002: Linux kernel vulnerability CVE-2025-39718

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately,...

5.5CVSS6.2AI score0.00137EPSS
Exploits0
F5 Networks
F5 Networks
added 2025/10/14 2:46 a.m.30 views

K000156994: BusyBox vulnerability CVE-2016-2148

Security Advisory Description Heap-based buffer overflow in the DHCP client udhcpc in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION6RD parsing. CVE-2016-2148 Impact This vulnerability allows remote attackers to perform a Remote Code Executio...

9.8CVSS7.4AI score0.28429EPSS
Exploits4Affected Software13
F5 Networks
F5 Networks
added 2025/01/16 11:8 p.m.30 views

K000149329: PostgreSQL vulnerabilities CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, and CVE-2014-0063

Security Advisory Description CVE-2014-0060 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users t...

6.5CVSS8.3AI score0.06666EPSS
Exploits4
F5 Networks
F5 Networks
added 2024/10/30 8:46 p.m.30 views

K000148349: Spring framework vulnerability CVE-2024-38819

Security Advisory Description The cve record for the cve id does not exist. CVE-2024-38819 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

7.5CVSS6.3AI score0.54862EPSS
Exploits6
F5 Networks
F5 Networks
added 2024/09/17 11:8 p.m.30 views

K000141088: SQLite vulnerability CVE-2017-10989

Security Advisory Description The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. CVE-2017-10989 Impact...

9.8CVSS8.1AI score0.08609EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2024/05/08 12:57 p.m.30 views

K000138913: BIG-IP Next CNF vulnerability CVE-2024-28132

Security Advisory Description Exposure of a Sensitive Information vulnerability exists in the Global Server Load Balancing GSLB container, which may allow an authenticated attacker with administrator role privileges to view sensitive information. CVE-2024-28132 Impact An authenticated attacker ma...

4.4CVSS6.5AI score0.00166EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2024/02/14 1:38 p.m.30 views

K000137675: BIG-IP HTTP/2 vulnerability CVE-2024-23314

Security Advisory Description When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-23314 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

7.5CVSS7.6AI score0.00515EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/12/11 9:50 p.m.30 views

K000137871: Linux kernel vulnerability CVE-2023-35001

Security Advisory Description Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network namespace CVE-2023-35001 Impact This vulnerability may allow an authenticated attacker with local access to...

7.8CVSS7.4AI score0.01508EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
added 2023/09/28 6:59 p.m.30 views

K000137038: BIND vulnerability CVE-2023-4236

Security Advisory Description A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9...

7.5CVSS8.2AI score0.0215EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/08/15 7:29 a.m.30 views

K000135853: Dell BSAFE Micro Edition vulnerability CVE-2020-35168

Security Advisory Description Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. CVE-2020-35168 Impact There is no impact; F5 products are not affected by this vulnerability...

9.8CVSS7.1AI score0.00483EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/08/02 12:49 p.m.30 views

K000134746: BIG-IP Edge Client for macOS vulnerability CVE-2023-38418

Security Advisory Description The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. CVE-2023-38418 Impact An attacker with an ability to run unprivileged arbitrary code on the target macOS client may be able to abuse an...

7.8CVSS8AI score0.00136EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/07/24 6:40 p.m.30 views

K000135555: Java vulnerabilities CVE-2020-2756 and CVE-2020-2757

Security Advisory Description CVE-2020-2756 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows...

4.3CVSS6AI score0.04211EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/07/03 12:27 p.m.30 views

K000135352: Heimdal vulnerability CVE-2022-3116

Security Advisory Description The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. CVE-2022-3116 Impact There is no impact; F5...

7.5CVSS7.4AI score0.00885EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/06/30 3:14 a.m.30 views

K000135314: GO vulnerability CVE-2022-28327

Security Advisory Description The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. CVE-2022-28327 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Developme...

7.5CVSS7.4AI score0.04195EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 9:38 p.m.30 views

K000132703: HAProxy vulnerability CVE-2021-40346

Security Advisory Description An integer overflow exists in HAProxy 2.0 through 2.5 in htxaddheader that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. CVE-2021-40346 Impact There is no...

7.5CVSS8.1AI score0.57934EPSS
Exploits6
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.30 views

K55143785: NSS vulnerability CVE-2017-7502

Security Advisory Description Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. CVE-2017-7502 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

7.5CVSS7.5AI score0.04302EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.30 views

K05510205: Linux kernel vulnerability CVE-2018-14678

Security Advisory Description An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xenfailsafecallback entry point in arch/x86/entry/entry64.S does not properly maintain RBX, which allows local users to cause a denial of service uninitialized memory usag...

7.8CVSS6.1AI score0.00409EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.30 views

K29149494: iControl REST vulnerability CVE-2019-6637

Security Advisory Description Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated...

6.5CVSS6.2AI score0.01461EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.30 views

K06430416: Zend Framework vulnerability CVE-2015-7695

Security Advisory Description The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. CVE-2015-7695 Impact There is no impact; F5 products are not affected by this...

9.8CVSS9.7AI score0.02972EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.30 views

K62201098: BADoS vulnerability CVE-2018-5526

Security Advisory Description Under certain conditions, Behavioral DoS BADoS protection may fail during an attack. CVE-2018-5526 Impact BADoS protection does not function as intended. Security Advisory Status F5 Product Development has assigned IDs 714350 and 714369 BIG-IP to this vulnerability. ...

6.5CVSS6.6AI score0.02025EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.31 views

K34893234: BIG-IP APM Appliance mode vulnerability CVE-2022-31473

Security Advisory Description When running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary...

7.7CVSS7AI score0.01768EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.30 views

K95434410: TMM vulnerability CVE-2019-6629

Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...

7.5CVSS7.5AI score0.01309EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.30 views

K4256: RADIUS integer overflow vulnerability CAN-2005-0108

Security Advisory Description Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. Note: Versions that a...

6.4AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.30 views

K14632915: TMM vulnerability CVE-2019-6603

Security Advisory Description Malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. CVE-2019-6603 Impact This vulnerability...

7.5CVSS7.8AI score0.01782EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.30 views

K06440657: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2021-23001

Security Advisory Description The upload functionality in BIG-IP Advanced WAF and ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. CVE-2021-23001 Impact An authenticated malicious user can upload malicious files to use in...

4.3CVSS5.3AI score0.00572EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.30 views

K99038439: NodeJS vulnerability CVE-2012-2330

Security Advisory Description The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information request header contents and possibly spoof HTTP headers via a zero...

6.4CVSS6.5AI score0.02595EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.30 views

K51543541: QEMU vulnerability CVE-2018-7858

Security Advisory Description Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...

5.5CVSS6.2AI score0.00637EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.30 views

K47284724: iControl vulnerability CVE-2016-9256

Security Advisory Description Permissions enforced by iControl can lag behind the actual permissions assigned to a user if the rolemap is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage;...

7.5CVSS7.5AI score0.01041EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.30 views

K71612511: Kernel vulnerability CVE-2016-8106

Security Advisory Description A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. CVE-2016-8106 Impact There ...

5.9CVSS6.2AI score0.05129EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.31 views

K55031185: demangler in GNU Libiberty vulnerability CVE-2016-6131

Security Advisory Description The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types. CVE-2016-6131 Impact There is no impact; F5 products are not affected by this...

7.5CVSS7.5AI score0.04619EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.30 views

K31445234: Intel I210 network adapter vulnerability CVE-2020-0523

Security Advisory Description Improper access control in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. CVE-2020-0523 Impact The BIG-IP management network...

4.4CVSS4.5AI score0.00241EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.30 views

K68292031: Intel CPU vulnerability CVE-2018-3658

Security Advisory Description Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. CVE-2018-3658 Impact There is no impact; F5 products are...

5.3CVSS5.8AI score0.03303EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.30 views

K11561403: Intel CPU vulnerability CVE-2018-3657

Security Advisory Description Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. CVE-2018-3657 Impact There is no impact; F5 products ar...

7.2CVSS7.1AI score0.00582EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:51 p.m.30 views

K17443: Perl vulnerability CVE-2007-5116

Security Advisory Description Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression. CVE-2007-5116 Impact There...

7.5CVSS9.6AI score0.0483EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:46 p.m.30 views

K15553: Kerberos vulnerability CVE-2014-4343

Security Advisory Description Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execu...

7.6CVSS8.7AI score0.06419EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 7:38 p.m.30 views

K16494: phpMyAdmin vulnerability CVE-2015-2206

Security Advisory Description libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it...

5CVSS9.3AI score0.03263EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:37 p.m.30 views

K42891424: Grep vulnerability CVE-2015-1345

Security Advisory Description The bmexectrans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service out-of-bounds heap read and crash via crafted input when using the -F option. CVE-2015-1345 Impact A local user may cause a denial-of-service DoS by way of...

2.1CVSS8.5AI score0.00486EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
added 2023/02/21 7:36 p.m.30 views

K16479: Linux kernel vulnerability CVE-2009-4537

Security Advisory Description drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to 1 cause a denial of service temporary network outage via a packet with a...

7.8CVSS4.8AI score0.05889EPSS
Exploits1Affected Software11
Total number of security vulnerabilities5000