Lucene search
K

6390 matches found

F5 Networks
F5 Networks
•added 2023/02/21 6:20 p.m.•30 views

K43205719: NTP input validation vulnerability CVE-2016-1550

Security Advisory Description An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550...

5.3CVSS6.7AI score0.03634EPSS
Exploits1Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 6:15 p.m.•30 views

K15797: Linux kernel vulnerability CVE-2012-4461

Security Advisory Description The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service kernel OOPS by using the KVMSETSREGS ioctl to set the X86CR4OSXSAVE bit in the guest cr4 register, then...

1.9CVSS5.7AI score0.00356EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 6:12 p.m.•30 views

K17155: TMM vulnerability CVE-2015-4638

Security Advisory Description The Traffic Management Microkernel TMM may restart and produce a core file when a FastL4 virtual server processes a fragmented packet. CVE-2015-4638 Impact The Traffic Management Microkernel TMM may restart and temporarily fail to process traffic. Security Advisory...

5CVSS6.5AI score0.01744EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 6:11 p.m.•30 views

K15751: OpenSSH vulnerability CVE-2007-0726

Security Advisory Description The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break...

5CVSS6.5AI score0.03873EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:9 p.m.•30 views

K16381: Linux kernel vulnerability CVE-2014-9683

Security Advisory Description Off-by-one error in the ecryptfsdecodefromfilename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service buffer overflow and system crash or possibly gain privileges via a crafted...

3.6CVSS6.5AI score0.00447EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:9 p.m.•30 views

K16380: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659

Security Advisory Description CVE-2014-9656 The ttsbitdecoderloadimage function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a...

7.5CVSS8.1AI score0.07687EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 6:8 p.m.•30 views

K17170: Java vulnerability CVE-2015-4736

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-4736 Impact There is no impact; F5 products are not affected by this...

9.3CVSS4.4AI score0.04455EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•30 views

K13421245: TMM vulnerability CVE-2017-6162

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects T...

5.9CVSS5.9AI score0.01674EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 6:7 p.m.•30 views

K82252291: BIND vulnerability CVE-2020-8623

Security Advisory Description In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the...

7.5CVSS6.7AI score0.06348EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:6 p.m.•30 views

K52144175: libarchive vulnerability CVE-2019-18408

Security Advisory Description archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to Ppmd7DecodeSymbol. CVE-2019-18408 Impact There is no impact; F5 products are not affected by this...

7.5CVSS6.2AI score0.0404EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 6:6 p.m.•30 views

K19157044: libtirpc vulnerability CVE-2013-1950

Security Advisory Description The svcdggetargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service rpcbind crash via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. CVE-2013-1950 Impact Attackers may be able to perform a...

4.3CVSS6.6AI score0.0646EPSS
Exploits2Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 6:4 p.m.•30 views

K00032124: BIG-IP last hop kernel module vulnerability CVE-2015-5516

Security Advisory Description The BIG-IP last hop kernel module may leak memory when processing User Datagram Protocol UDP traffic. The memory leak may cause denial-of-service DoS conditions for the BIG-IP system. Impact The following configurations may allow a remote attacker to cause a memory...

7.4AI score
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 6:0 p.m.•30 views

K42406850: F5 SIRT response to the Ukraine crisis

Security Advisory Description Over the past few weeks, the world has watched as tensions have risen between Russia and Ukraine, and most recently, those tensions have escalated into a military conflict. F5 is deeply concerned for the safety of those in harm's way and the impact to everyone affect...

5.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 5:39 p.m.•30 views

K35424631: OpenSSH vulnerability CVE-2016-1907

Security Advisory Description The sshpacketreadpoll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted network traffic. CVE-2016-1907 Impact Remote attackers may be able to cause a denial-of-servi...

5.3CVSS7AI score0.14341EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 5:38 p.m.•30 views

K71059632: PHP vulnerability CVE-2015-8616

Security Advisory Description Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collatorsort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging the...

8.6CVSS9.2AI score0.02173EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 5:28 p.m.•30 views

K14132811: Java vulnerability CVE-2015-4893

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. CVE-2015-4893...

5CVSS6.3AI score0.05288EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/10 8:57 p.m.•30 views

K000132492: SQLite vulnerability CVE-2022-46908

Security Advisory Description SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Impact There is no impact; F5 produc...

7.3CVSS6.4AI score0.00425EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/01 1:30 p.m.•30 views

K06345931: F5OS vulnerability CVE-2023-22657

Security Advisory Description Processing F5OS tenant file names may allow for command injection. CVE-2023-22657 Impact An attacker may trick an administrator to upload a file with a specially crafted file name that injects commands. Security Advisory Status F5 Product Development has assigned ID...

7.8CVSS7.7AI score0.00443EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/01/04 12:39 a.m.•30 views

K92859602: BIG-IP TMM iRules vulnerability CVE-2016-5024

Security Advisory Description Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service Traffic Management Microkernel restart via crafted network traffic...

5.9CVSS5.9AI score0.01837EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/01/04 12:34 a.m.•30 views

K82851041: TMM vulnerability CVE-2017-6137

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection i...

5.9CVSS5.7AI score0.0109EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2016/11/09 12:0 a.m.•30 views

SOL17119920 - BIG-IP ASM vulnerability CVE-2016-7472

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5CVSS2.7AI score0.04542EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2016/10/13 12:0 a.m.•30 views

SOL43267483 - PHP vulnerability CVE-2016-5766

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8CVSS1.7AI score0.07495EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2016/02/22 12:0 a.m.•30 views

SOL74363721 - NTP vulnerability CVE-2015-7975

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

6.2CVSS0.7AI score0.0064EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2015/11/05 12:0 a.m.•30 views

SOL17563 - Apache Struts vulnerability CVE-2015-2992

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.1CVSS3.6AI score0.05618EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2015/11/02 12:0 a.m.•30 views

SOL17526 - NTP vulnerability CVE-2015-7848

Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy...

7.5CVSS2.4AI score0.06096EPSS
Exploits1References4
F5 Networks
F5 Networks
•added 2015/07/02 12:0 a.m.•30 views

SOL16877 - libuser vulnerability CVE-2011-0002

libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. CVE-2011-0002...

6.4CVSS5.3AI score0.0379EPSS
Exploits1References3
F5 Networks
F5 Networks
•added 2015/07/01 12:0 a.m.•30 views

SOL16827 - Apache Struts vulnerability CVE-2015-1831

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.5CVSS0.6AI score0.06312EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/10/02 12:0 a.m.•30 views

SOL15642 - Samba vulnerability CVE-2013-4476

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

1.2CVSS3.4AI score0.00435EPSS
Exploits0References5
F5 Networks
F5 Networks
•added 2014/09/05 12:0 a.m.•30 views

SOL15500 - SSL acceleration card timing vulnerability CVE-2014-4024

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

5.9CVSS1.4AI score0.0162EPSS
Exploits0References6
F5 Networks
F5 Networks
•added 2014/05/02 12:0 a.m.•30 views

SOL15229 - BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220

If the BIG-IQ 4.1 system is used to discover a BIG-IP 11.3.0 or 11.4.0 system, an authenticated user on the BIG-IP system may be able to modify the password of another user, including an administrator. Recommended Action If the previous table lists a version in the Versions known to be not...

9CVSS2.4AI score0.11003EPSS
Exploits1References5
F5 Networks
F5 Networks
•added 2010/06/18 12:0 a.m.•30 views

SOL11719 - Mitigating risk from SSH brute force login attacks

Vulnerability Description F5 products and versions that are affected by this Security Advisory F5 Product Development has determined that all products and versions are affected by the issue described in this security advisory. Note: For information about signing up to receive security notice...

0.2AI score
Exploits0
F5 Networks
F5 Networks
•added 2008/03/11 12:0 a.m.•30 views

SOL8508 - Cross-site scripting vulnerability in installControl.php3 page

A cross-site scripting XSS vulnerability exists in the FirePass installControl.php3 page, which is accessible prior to authentication. The installControl.php3 page fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web...

0.9AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2004/12/13 12:0 a.m.•30 views

SOL1618 - Multiple SNMP vulnerabilities CA-2002-03

Information about this advisory is available at the following location:...

0.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2004/06/04 12:0 a.m.•30 views

SOL3066 - OpenSSH buffer management vulnerability - CA-2003-24

For information about this vulnerability, refer to...

0.5AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2026/06/04 6:40 a.m.•29 views

K000161576: Linux kernel vulnerabilities CVE-2025-39841 and CVE-2025-39727

Security Advisory Description CVE-2025-39841 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the ...

7.8CVSS6.8AI score0.00167EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/09/29 9:38 p.m.•29 views

K000156685: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2014-9808 ImageMagick allows remote attackers to cause a denial of service segmentation fault and application crash via a crafted dpc image. CVE-2014-9809 ImageMagick allows remote attackers to cause a denial of service segmentation fault and application crash vi...

7.8CVSS7.5AI score0.01625EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/05/19 12:0 a.m.•29 views

K000151412: Apache Tomcat vulnerability CVE-2025-31650

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

9.8CVSS7.5AI score0.66933EPSS
Exploits6Affected Software36
F5 Networks
F5 Networks
•added 2025/03/24 12:13 a.m.•29 views

K000150505: LuaJIT vulnerabilities CVE-2019-19391, CVE-2020-15890, CVE-2020-24372

Security Advisory Description CVE-2019-19391 In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled...

9.1CVSS6.9AI score0.02862EPSS
Exploits2
F5 Networks
F5 Networks
•added 2025/03/14 10:42 p.m.•29 views

K000150394: Intel QuickAssist Technology vulnerabilities CVE-2024-29223, CVE-2023-32277, CVE-2024-31153, and CVE-2024-31858

Security Advisory Description CVE-2024-29223 Uncontrolled search path for some IntelR QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-32277 Untrusted Pointer Dereference in I/O subsystem...

7.8CVSS6.5AI score0.00238EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/02/28 7:47 p.m.•29 views

K000150185: TCP/IP protocol vulnerabilities CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019

Security Advisory Description CVE-2024-7595 GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected...

6.5CVSS5.6AI score0.01552EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/11/26 2:7 a.m.•29 views

K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862

Security Advisory Description CVE-2019-3858 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1CVSS7.5AI score0.08114EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2024/11/12 5:28 p.m.•29 views

K000148511: WebKitGTK and WPE WebKit vulnerability CVE-2023-42950

Security Advisory Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.01069EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/11/11 2:38 p.m.•29 views

K000148485: qt vulnerabilities CVE-2017-10905 and CVE-2014-0190

Security Advisory Description CVE-2017-10905 A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of...

6.8CVSS5.5AI score0.03957EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/10/30 11:21 p.m.•29 views

K000148343: Diffie-Hellman key exchange protocol vulnerability CVE-2024-41996

Security Advisory Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client...

7.5CVSS7.6AI score0.01083EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2024/10/28 8:45 p.m.•29 views

K000148290: Moment.JS vulnerabilities CVE-2017-18214 and CVE-2022-24785

Security Advisory Description CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating,...

7.5CVSS6.4AI score0.05664EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/10/21 12:22 a.m.•29 views

K000141528: glibc vulnerability CVE-2024-33600

Security Advisory Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cach...

5.9CVSS6.7AI score0.01216EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/10/07 4:47 a.m.•29 views

K000141358: Multiple libpng vulnerabilities

Security Advisory Description CVE-2016-3751 Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...

10CVSS8.4AI score0.04692EPSS
Exploits3
F5 Networks
F5 Networks
•added 2024/09/05 9:33 p.m.•29 views

K000140953: libarchive vulnerability CVE-2023-30571

Security Advisory Description Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archivewritediskposix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask...

5.3CVSS5.2AI score0.00192EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2024/08/19 4:4 p.m.•29 views

K000140742: MySQL vulnerability CVE-2024-21179

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS5.2AI score0.00682EPSS
Exploits0
F5 Networks
F5 Networks
•added 2024/08/14 1:21 p.m.•29 views

K000139938: BIG-IP Next Central Manager vulnerability CVE-2024-37028

Security Advisory Description BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. CVE-2024-37028 Impact An unauthenticated attacker can exploit this vulnerability to lock out a BIG-IP Next Central Manager webUI account that has never been logged...

6.3CVSS6.8AI score0.00448EPSS
Exploits0Affected Software1
Total number of security vulnerabilities5000