6359 matches found

F5 Networks
added 2023/02/21 6:45 p.m. | 28 views

K08654551: GnuPG vulnerability CVE-2019-13050

Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...

CVSS 7.5 | AI score 7.2 | EPSS 0.02663
Exploits: 1

F5 Networks
added 2023/02/21 6:35 p.m. | 28 views

K04518313: BIG-IP APM network access VPN vulnerability CVE-2020-27724

Security Advisory Description In BIG-IP APM, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. CVE-2020-27724 Impact This vulnerability may cause the Traffic Management Microkernel...

CVSS 6.5 | AI score 6.3 | EPSS 0.00887
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/21 6:35 p.m. | 28 views

K62030064: libxml2 vulnerability CVE-2016-1833

Security Advisory Description The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...

CVSS 5.5 | AI score 6.8 | EPSS 0.02559
Exploits: 1 | Affected Software: 1

F5 Networks
added 2023/02/21 6:35 p.m. | 28 views

K69154630: BIG-IP Edge Client for Windows vulnerability CVE-2020-5898

Security Advisory Description The BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to a \\.\urvpndrv device causing the Windows kernel to crash. CVE-2020-5898...

CVSS 5.5 | AI score 5.4 | EPSS 0.00261
Exploits: 0 | Affected Software: 2

F5 Networks
added 2023/02/21 6:34 p.m. | 28 views

K46535047: F5 TCP IPv6 vulnerability CVE-2016-9252

Security Advisory Description The Traffic Management Microkernel (TMM) in F5 BIG-IP systems before 11.5.4 HF3, 11.6.x before 11.6.1 HF2, and 12.x.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial of service (DoS) through...

CVSS 7.5 | AI score 7.5 | EPSS 0.0178
Exploits: 0 | Affected Software: 14

F5 Networks
added 2023/02/21 6:34 p.m. | 28 views

K19807532: BIND vulnerability CVE-2020-8619

Security Advisory Description The asterisk character ("*") is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a...

CVSS 4.9 | AI score 6.3 | EPSS 0.02088
Exploits: 0 | Affected Software: 11

F5 Networks
added 2023/02/21 6:34 p.m. | 28 views

K86272821: BIND vulnerability CVE-2016-9131

Security Advisory Description named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. CVE-2016-9131 Impact When the BIND...

CVSS 7.5 | AI score 7.7 | EPSS 0.40556
Exploits: 0 | Affected Software: 14

F5 Networks
added 2023/02/21 6:34 p.m. | 28 views

K55101404: TMM vulnerability CVE-2019-6590

Security Advisory Description Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result in a denial-of-service (DoS) attack on the affected BIG-IP system when the system consumes...

CVSS 7.1 | AI score 6 | EPSS 0.01473
Exploits: 0

F5 Networks
added 2023/02/21 6:33 p.m. | 28 views

K03863974: Apache LDAP vulnerability CVE-2018-1337

Security Advisory Description In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to...

CVSS 9.8 | AI score 9.1 | EPSS 0.0531
Exploits: 0

F5 Networks
added 2023/02/21 6:16 p.m. | 28 views

K10898: DNSSEC BIND vulnerability - CVE-2009-4022

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 2.6 | AI score 7.4 | EPSS 0.07952
Exploits: 1

F5 Networks
added 2023/02/21 6:11 p.m. | 28 views

K15729: Associative array vulnerability CVE-2014-3631

Security Advisory Description The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or...

CVSS 7.2 | AI score 6.6 | EPSS 0.00963
Exploits: 4

F5 Networks
added 2023/02/21 6:11 p.m. | 28 views

K12253: PHP vulnerability CVE-2010-2225

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 7.5 | AI score 9.8 | EPSS 0.05342
Exploits: 1

F5 Networks
added 2023/02/21 6:8 p.m. | 28 views

K15970: GnuTLS 3.x vulnerability CVE-2014-8564

Security Advisory Description The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)...

CVSS 5 | AI score 6.5 | EPSS 0.03281
Exploits: 0

F5 Networks
added 2023/02/21 6:4 p.m. | 28 views

K00032124: BIG-IP last hop kernel module vulnerability CVE-2015-5516

Security Advisory Description The BIG-IP last hop kernel module may leak memory when processing User Datagram Protocol (UDP) traffic. The memory leak may cause denial-of-service (DoS) conditions for the BIG-IP system. Impact The following configurations may allow a remote attacker to cause a memory...

AI score 7.4
Exploits: 0 | Affected Software: 18

F5 Networks
added 2023/02/16 8:14 p.m. | 28 views

K000132635: OpenSSL vulnerability CVE-2022-4450

Security Advisory Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers...

CVSS 7.5 | AI score 7.7 | EPSS 0.20444
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/01 1:26 p.m. | 28 views

K37708118: BIG-IP DNS profile vulnerability CVE-2023-22839

Security Advisory Description When a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. CVE-2023-22839 Impact Traffic is disrupted while the T...

CVSS 7.5 | AI score 7.6 | EPSS 0.00626
Exploits: 0 | Affected Software: 2

F5 Networks
added 2023/02/01 1:5 p.m. | 28 views

K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341

Security Advisory Description When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: an OAuth Server that references an OAuth Provider; an OAuth profile with the Authorization Endpoint set to '/'...

CVSS 7.5 | AI score 7.6 | EPSS 0.00626
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/01/26 7:54 p.m. | 28 views

K000132263: OpenJDK vulnerability CVE-2023-21843

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...

CVSS 3.7 | AI score 4.8 | EPSS 0.01357
Exploits: 0

F5 Networks
added 2016/11/21 12:0 a.m. | 28 views

SOL15535113 - MySQL vulnerability CVE-2016-5632

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 4.9 | AI score 2.7 | EPSS 0.02471
Exploits: 0 | References: 4

F5 Networks
added 2016/11/21 12:0 a.m. | 28 views

SOL21856463 - MySQL vulnerability CVE-2016-8289

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 4.7 | AI score 2.7 | EPSS 0.00336
Exploits: 0 | References: 4

F5 Networks
added 2016/11/21 12:0 a.m. | 28 views

SOL14342624 - MySQL vulnerability CVE-2016-5633

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 4.9 | AI score 2.7 | EPSS 0.02471
Exploits: 0 | References: 4

F5 Networks
added 2016/10/21 12:0 a.m. | 28 views

SOL09417637 - Samba vulnerability CVE-2015-3223

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 5.3 | AI score 2.9 | EPSS 0.06884
Exploits: 0 | References: 4

F5 Networks
added 2015/11/02 12:0 a.m. | 28 views

SOL17525 - NTP vulnerability CVE-2015-7853

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 9.8 | AI score 1.9 | EPSS 0.11781
Exploits: 0 | References: 4

F5 Networks
added 2015/08/26 12:0 a.m. | 28 views

SOL17170 - Java vulnerability CVE-2015-4736

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 9.3 | AI score 1.8 | EPSS 0.0523
Exploits: 0 | References: 5

F5 Networks
added 2015/07/06 12:0 a.m. | 28 views

SOL16861 - BIG-IQ remote authentication vulnerability CVE-2015-4637

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 4.3 | AI score 2.6 | EPSS 0.01141
Exploits: 0 | References: 7

F5 Networks
added 2014/12/23 12:0 a.m. | 28 views

SOL15933 - NTP vulnerability CVE-2014-9296

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 5 | AI score 1.2 | EPSS 0.16161
Exploits: 1 | References: 4

F5 Networks
added 2014/09/04 12:0 a.m. | 28 views

SOL15548 - Rsync sender.c vulnerability CVE-2007-4091

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 6.8 | AI score 3.3 | EPSS 0.03345
Exploits: 0 | References: 5

F5 Networks
added 2014/07/16 12:0 a.m. | 28 views

SOL15395 - OpenSSL vulnerability CVE-2012-0027

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

CVSS 5 | AI score 3.2 | EPSS 0.04992
Exploits: 0 | References: 4

F5 Networks
added 2012/11/29 12:0 a.m. | 28 views

SOL14046 - FirePass input validation vulnerability

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. F5 strongly recommends that you install HF-70-7 for FirePass 7.0.0 to address this vulnerability. Acknowledgements F5 wou...

AI score 2.3
Exploits: 0 | References: 7 | Affected Software: 1

F5 Networks
added 2026/05/25 1:54 p.m. | 27 views

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

CVSS 10 | AI score 7.7 | EPSS 0.99803
Exploits: 14

F5 Networks
added 2026/03/30 12:41 a.m. | 27 views

K000160515: F5 System Scanner

Topic This article explains how to install and run the F5 System Scanner on BIG-IP and standard x86_64 Linux systems. The F5 System Scanner supports the following BIG-IP versions hotfixes EHFs: BIG-IP versions released between October 2025 and May 5, 2026 EHFs released between October 2025 and Apr...

AI score 5.8
Exploits: 0

F5 Networks
added 2025/05/19 2:42 a.m. | 27 views

K000151397: Apache Tomcat vulnerabilities CVE-2025-31650, CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

CVSS 9.8 | AI score 7.6 | EPSS 0.66933
Exploits: 6

F5 Networks
added 2025/05/14 4:19 p.m. | 27 views

K000151329: MySQL vulnerabilities CVE-2025-30704, CVE-2025-30705, and CVE-2025-30706

Security Advisory Description CVE-2025-30704 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker wit...

CVSS 7.5 | AI score 5.5 | EPSS 0.00774
Exploits: 0

F5 Networks
added 2025/02/09 8:8 a.m. | 27 views

K000149722: Apache MINA vulnerability CVE-2024-52046

Security Advisory Description The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending...

CVSS 10 | AI score 7.7 | EPSS 0.23932
Exploits: 0

F5 Networks
added 2025/02/05 2:20 p.m. | 27 views

K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029

Security Advisory Description A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell (tmsh), which may allow an authenticated attacker to execute arbitrary system commands. CVE-2025-20029 Impact An authenticated attacker may exploit this vulnerability by sending a craft...

CVSS 8.8 | AI score 6.9 | EPSS 0.07844
Exploits: 2 | Affected Software: 12

F5 Networks
added 2025/01/28 8:49 a.m. | 27 views

K000149511: Oracle Java vulnerability CVE-2025-21502

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK:...

CVSS 4.8 | AI score 5.3 | EPSS 0.00971
Exploits: 0

F5 Networks
added 2024/12/19 11:19 p.m. | 27 views

K000149073: PostgreSQL vulnerabilities CVE-2021-3393, CVE-2015-5289, and CVE-2017-8806

Security Advisory Description CVE-2021-3393 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose...

CVSS 6.4 | AI score 6.6 | EPSS 0.05045
Exploits: 2

F5 Networks
added 2024/12/07 1:52 a.m. | 27 views

K000148898: PostgreSQL vulnerabilities CVE-2021-23214, CVE-2019-9193, CVE-2019-10210, CVE-2019-10128, and CVE-2019-10127

Security Advisory Description CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL...

CVSS 9 | AI score 7.6 | EPSS 0.91877
Exploits: 18

F5 Networks
added 2024/11/26 2:7 a.m. | 27 views

K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862

Security Advisory Description CVE-2019-3858 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

CVSS 9.1 | AI score 7.5 | EPSS 0.08114
Exploits: 0 | Affected Software: 1

F5 Networks
added 2024/11/11 2:38 p.m. | 27 views

K000148485: qt vulnerabilities CVE-2017-10905 and CVE-2014-0190

Security Advisory Description CVE-2017-10905 A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. CVE-2014-0190 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of...

CVSS 6.8 | AI score 5.5 | EPSS 0.03957
Exploits: 0

F5 Networks
added 2024/10/29 9:5 p.m. | 27 views

K000148313: MySQL vulnerabilities CVE-2024-21247, CVE-2024-21209, and CVE-2024-21231

Security Advisory Description CVE-2024-21247 Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wit...

CVSS 3.8 | AI score 4.6 | EPSS 0.00879
Exploits: 0

F5 Networks
added 2024/10/21 12:22 a.m. | 27 views

K000141528: glibc vulnerability CVE-2024-33600

Security Advisory Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cach...

CVSS 5.9 | AI score 6.7 | EPSS 0.01216
Exploits: 0

F5 Networks
added 2024/09/06 8:9 a.m. | 27 views

K000140978: libarchive vulnerability CVE-2019-11463

Security Advisory Description A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development...

CVSS 5.5 | AI score 5.8 | EPSS 0.01302
Exploits: 1

F5 Networks
added 2024/09/05 9:33 p.m. | 27 views

K000140953: libarchive vulnerability CVE-2023-30571

Security Advisory Description Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask...

CVSS 5.3 | AI score 5.2 | EPSS 0.00192
Exploits: 0 | Affected Software: 1

F5 Networks
added 2024/05/16 6:54 a.m. | 27 views

K000139646: MySQL Server vulnerabilities CVE-2024-21052 and CVE-2024-21053

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

CVSS 4.9 | AI score 5.1 | EPSS 0.00962
Exploits: 0

F5 Networks
added 2024/05/13 8:3 p.m. | 27 views

K000139592: libxml2 vulnerability CVE-2023-29469

Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...

CVSS 6.5 | AI score 8.1 | EPSS 0.01013
Exploits: 0 | Affected Software: 10

F5 Networks
added 2023/10/10 9:58 a.m. | 27 views

K06110200: BIG-IP and BIG-IQ TACACS+ audit log vulnerability CVE-2023-43485

Security Advisory Description When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, shared secret is logged in plaintext in the audit log. CVE-2023-43485 Impact An authenticated attacker with at least auditor role privileges can view shared secret. There is no data plane...

CVSS 5.5 | AI score 5.8 | EPSS 0.00171
Exploits: 0 | Affected Software: 13

F5 Networks
added 2023/05/25 5:21 p.m. | 27 views

K000134802: Kubernetes vulnerability CVE-2020-10749

Security Advisory Description A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router...

CVSS 6 | AI score 6.5 | EPSS 0.02428
Exploits: 1

F5 Networks
added 2023/05/24 10:48 a.m. | 27 views

K000134764: Java SE vulnerabilities CVE-2018-2941 and CVE-2018-2973

Security Advisory Description CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE subcomponent: JavaFX. Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 8.3 | AI score 7.2 | EPSS 0.04676
Exploits: 0

F5 Networks
added 2023/05/22 4:50 p.m. | 27 views

K000134724: MySQL vulnerability CVE-2023-21935

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVSS 4.9 | AI score 5 | EPSS 0.01388
Exploits: 0

Total number of security vulnerabilities: 5000