Lucene search
K

6390 matches found

f5
f5
•added 2023/02/01 1:20 p.m.•26 views

K24572686: BIG-IP Virtual Edition vulnerability CVE-2023-23555

Security Advisory Description When FastL4 profile is configured on a virtual server in BIG-IP Virtual Edition, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-23555 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...

7.5CVSS7.7AI score0.00626EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/01 1:20 p.m.•24 views

K34525368: BIG-IP SIP profile vulnerability CVE-2023-22340

Security Advisory Description When a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. CVE-2023-22340 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause ...

7.5CVSS7.6AI score0.00626EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/01 1:14 p.m.•25 views

K000130415: iControl SOAP vulnerability CVE-2023-22374

Security Advisory Description A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to...

8.5CVSS9.2AI score0.72646EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/01 1:12 p.m.•18 views

K83284425: iControl REST and tmsh vulnerability CVE-2023-22326

Security Advisory Description Incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell tmsh dig command which may allow an authenticated attacker with resource administrator role privilege to view sensitive information. CVE-2023-22326 Impact An authenticated...

4.9CVSS5.2AI score0.00521EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/01 1:10 p.m.•24 views

K17542533: BIG-IP Advanced WAF and ASM vulnerability CVE-2023-23552

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-23552 Impact System performance can degrade until the Traffic Management Microkernel TMM...

7.5CVSS7.5AI score0.01545EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/01 1:6 p.m.•24 views

K07143733: BIG-IP Edge Client for Windows vulnerability CVE-2023-22283

Security Advisory Description A DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires...

6.5CVSS6.9AI score0.00197EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/01 1:5 p.m.•28 views

K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341

Security Advisory Description When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the Authorization Endpoint set to '/'...

7.5CVSS7.6AI score0.00626EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/01 1:4 p.m.•17 views

K46048342: BIG-IP AFM vulnerability CVE-2023-22281

Security Advisory Description When a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22281 Impact Traffic is disrupted while the TMM process restarts. This...

7.5CVSS7.6AI score0.00626EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/01 1:2 p.m.•36 views

K76964818: BIG-IP Edge Client for Windows vulnerability CVE-2023-22358

Security Advisory Description A DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. CVE-2023-22358 Impact An attacker may exploit this vulnerability to use malicious Dynamic Link Libraries DLL to gain privilege escalation on the client Windows system. The installer loa...

7.8CVSS7.9AI score0.00217EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/01 12:59 p.m.•19 views

K08182564: BIG-IP SIP profile vulnerability CVE-2023-22842

Security Advisory Description When a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22842 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote...

7.5CVSS7.6AI score0.00626EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/01 2:27 a.m.•25 views

K000132352: OpenAM Vulnerability CVE-2023-22320

Security Advisory Description OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerabilityCWE-22. Furthermore, a crafted URL may be evaluated incorrectly. CVE-2023-22320 Impact There is no impact; F5 products are...

7.5CVSS7.3AI score0.00722EPSS
Exploits0
f5
f5
•added 2023/01/31 6:56 p.m.•110 views

K86488846: Sudo vulnerability CVE-2021-3156

Security Advisory Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVE-2021-3156 Impact A local attacker can exploit the vulnerability to escalate thei...

7.8CVSS7.9AI score0.99295EPSS
Exploits81Affected Software1
f5
f5
•added 2023/01/30 6:44 a.m.•28 views

K000132333: Python vulnerability CVE-2019-9674

Security Advisory Description Lib/zipfile. py in Python through 3.7.2 allows remote attackers to cause a denial of service resource consumption via a ZIP bomb. CVE-2019-9674 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

7.5CVSS7.1AI score0.05535EPSS
Exploits0
f5
f5
•added 2023/01/27 1:26 a.m.•48 views

K000132268: BIND vulnerability CVE-2022-3924

Security Advisory Description This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding...

7.5CVSS7.5AI score0.15989EPSS
Exploits0
f5
f5
•added 2023/01/26 9:45 p.m.•42 views

K000132267: BIND vulnerability CVE-2022-3736

Security Advisory Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10,...

7.5CVSS7.6AI score0.5017EPSS
Exploits0
f5
f5
•added 2023/01/26 9:2 p.m.•48 views

K000132266: BIND vulnerability CVE-2022-3094

Security Advisory Description Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of...

7.5CVSS7.2AI score0.13108EPSS
Exploits0
f5
f5
•added 2023/01/26 7:54 p.m.•28 views

K000132263: OpenJDK vulnerability CVE-2023-21843

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...

3.7CVSS4.8AI score0.01357EPSS
Exploits0
f5
f5
•added 2023/01/25 10:11 p.m.•32 views

K000132245: libpng vulnerability CVE-2019-7317

Security Advisory Description pngimagefree in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because pngimagefreefunction is called under pngsafeexecute. CVE-2019-7317 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

5.3CVSS7.7AI score0.09393EPSS
Exploits3
f5
f5
•added 2023/01/25 6:15 p.m.•34 views

K000130546: Gzip vulnerability CVE-2022-1271

Security Advisory Description An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs d...

8.8CVSS7.5AI score0.04271EPSS
Exploits0Affected Software1
f5
f5
•added 2023/01/25 4:16 a.m.•73 views

K000132230: Java SE vulnerability CVE-2023-21835

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily...

5.3CVSS5.3AI score0.01836EPSS
Exploits0
f5
f5
•added 2023/01/24 11:55 p.m.•432 views

K04305530: SCP vulnerability CVE-2020-15778

Security Advisory Description scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers"...

7.8CVSS7.5AI score0.12996EPSS
Exploits6Affected Software17
f5
f5
•added 2023/01/24 11:29 p.m.•415 views

K21192332: Apache HTTP Server vulnerability CVE-2022-31813

Security Advisory Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. CVE-2022-31813 Impact An...

9.8CVSS9.1AI score0.0314EPSS
Exploits1Affected Software1
f5
f5
•added 2023/01/24 10:1 p.m.•103 views

K52341555: Samba vulnerability CVE-2022-3592

Security Advisory Description A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix...

6.5CVSS5.8AI score0.02431EPSS
Exploits0
f5
f5
•added 2023/01/24 5:16 p.m.•170 views

K83120834: Diffie-Hellman key agreement protocol weaknesses CVE-2002-20001 & CVE-2022-40735

Security Advisory Description The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEater attack. The client needs very...

7.5CVSS7.2AI score0.23061EPSS
Exploits1Affected Software18
f5
f5
•added 2023/01/24 2:31 a.m.•6 views

K000132202: PyJWT vulnerability CVE-2017-11424

Security Advisory Description In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is...

7.5CVSS6.9AI score0.01804EPSS
Exploits0
f5
f5
•added 2023/01/21 3:59 a.m.•9 views

K000132174: Python Mailcap vulnerability CVE-2015-20107

Security Advisory Description In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lac...

8CVSS7.1AI score0.07269EPSS
Exploits1
f5
f5
•added 2023/01/20 7:8 p.m.•337 views

K44030142: OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602

Security Advisory Description CVE-2022-3786 A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an...

7.5CVSS8.5AI score0.92488EPSS
Exploits6
f5
f5
•added 2023/01/20 6:36 p.m.•41 views

K61903372: OpenSSL vulnerability CVE-2021-23839

Security Advisory Description OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support...

4.3CVSS6.2AI score0.02961EPSS
Exploits0Affected Software3
f5
f5
•added 2023/01/13 5:28 p.m.•164 views

K14052032: OpenSSH vulnerability CVE-2018-15919

Security Advisory Description Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such...

5.3CVSS6.7AI score0.03557EPSS
Exploits1
f5
f5
•added 2023/01/12 5:18 a.m.•425 views

K55879220: Overview of F5 vulnerabilities (May 2022)

Security Advisory Description On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

9.8CVSS6.9AI score0.99956EPSS
Exploits63
f5
f5
•added 2023/01/12 4:58 a.m.•73 views

K52322100: Authenticated F5 BIG-IP Guided Configuration integrity check in Appliance mode vulnerability CVE-2022-25946

Security Advisory Description When running in Appliance mode, an authenticated attacker with Administrator role privileges may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. CVE-2022-25946 Impact In Appliance mode, an authenticate...

8.7CVSS6.4AI score0.00382EPSS
Exploits0Affected Software3
f5
f5
•added 2023/01/10 9:51 p.m.•38 views

K000130541: Grub2 vulnerability CVE-2022-28734

Security Advisory Description Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte...

8.1CVSS7.7AI score0.01131EPSS
Exploits0
f5
f5
•added 2023/01/10 6:53 p.m.•7 views

K69940053: BIG-IP iRules vulnerability CVE-2022-41833

Security Advisory Description When an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel TMM to terminate. CVE-2022-41833 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows ...

7.5CVSS7AI score0.00616EPSS
Exploits0Affected Software13
f5
f5
•added 2023/01/10 8:25 a.m.•6 views

K000130545: Python-pip vulnerability CVE-2018-20225

Security Advisory Description DISPUTED An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitati...

7.8CVSS6.9AI score0.01736EPSS
Exploits0
f5
f5
•added 2023/01/09 5:55 p.m.•4 views

K000130533: libpng vulnerability CVE-2019-6129

Security Advisory Description DISPUTED pngcreateinfostruct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer." CVE-2019-6129 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.9AI score0.01387EPSS
Exploits1
f5
f5
•added 2023/01/09 9:47 a.m.•27 views

K56412001: BIG-IP SSL OCSP Authentication profile vulnerability CVE-2023-22323

Security Advisory Description When OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. CVE-2023-22323 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to...

7.5CVSS7.7AI score0.00663EPSS
Exploits0Affected Software13
f5
f5
•added 2023/01/09 8:25 a.m.•24 views

K58550078: BIG-IP HTTP profile vulnerability CVE-2023-22302

Security Advisory Description When an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22302 Impact...

5.9CVSS6AI score0.0053EPSS
Exploits0Affected Software13
f5
f5
•added 2023/01/06 5:27 p.m.•63 views

K13518: Multiple PHP vulnerabilities

Security Advisory Description The following PHP vulnerabilities require malicious user input in order to be exploited. For each item in the list, the affected command or component is not used by any F5 product, or its inputs are sanitized to prevent exploitation: CVE-2012-2376 CVE-2012-2311...

10CVSS8.3AI score0.99998EPSS
Exploits77
f5
f5
•added 2023/01/06 9:11 a.m.•54 views

K13325942: Appliance mode iControl REST vulnerability CVE-2022-41800

Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary...

8.7CVSS8.5AI score0.62406EPSS
Exploits8Affected Software13
f5
f5
•added 2023/01/06 8:58 a.m.•35 views

K000130512: SQLite vulnerability CVE-2022-35737

Security Advisory Description SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Impact An authenticated remote attacker can exploit this vulnerability by sending a specially crafted...

7.5CVSS7.7AI score0.17981EPSS
Exploits2Affected Software3
f5
f5
•added 2023/01/06 3:40 a.m.•57 views

K000130509: Thunderbird vulnerability CVE-2021-43529

Security Advisory Description Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates wit...

9.8CVSS7.7AI score0.00469EPSS
Exploits0
f5
f5
•added 2023/01/06 3:2 a.m.•154 views

K97843387: Overview of F5 vulnerabilities (November 2022)

Security Advisory Description On November 16, 2022, F5 announced the following issues. This document is intended to serve as an overview of these issues to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Distributed Cloud and Manage...

9AI score
Exploits0
f5
f5
•added 2023/01/06 2:40 a.m.•76 views

K94221585: iControl SOAP vulnerability CVE-2022-41622

Security Advisory Description BIG-IP and BIG-IQ are vulnerable to cross-site request forgery CSRF attacks through iControl SOAP. CVE-2022-41622 Impact An attacker may trick users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl...

8.8CVSS9.3AI score0.87987EPSS
Exploits7Affected Software14
f5
f5
•added 2023/01/05 6:33 p.m.•6 views

K000130500: AMD processors vulnerability CVE-2022-23825

Security Advisory Description Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. CVE-2022-23825 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

6.5CVSS8.6AI score0.00785EPSS
Exploits0
f5
f5
•added 2023/01/05 1:24 a.m.•47 views

K85054496: BIG-IP DNS resolver vulnerability CVE-2022-28708

Security Advisory Description When a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel TMM process to terminate. CVE-2022-28708 Impact Traffic is disrupted while the TMM process...

5.9CVSS5.9AI score0.00762EPSS
Exploits0Affected Software15
f5
f5
•added 2023/01/04 11:17 p.m.•55 views

K17115: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2015-0405 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. CVE-2015-0423 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remo...

5.7CVSS6AI score0.09984EPSS
Exploits0Affected Software10
f5
f5
•added 2023/01/04 11:2 p.m.•64 views

K95313044: Multiple Java vulnerabilities

Security Advisory Description CVE-2013-3829 Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentialit...

10CVSS7.3AI score0.17606EPSS
Exploits0Affected Software1
f5
f5
•added 2023/01/04 10:50 p.m.•17 views

K8863: Cross-Site Scripting (XSS) vulnerabilities in the FirePass Administrative Console

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

6.5AI score
Exploits0
f5
f5
•added 2023/01/04 9:7 p.m.•9 views

K000130469: node.js systeminformation vulnerability CVE-2021-21315

Security Advisory Description The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Proble...

7.8CVSS7.5AI score0.9024EPSS
Exploits4
f5
f5
•added 2023/01/04 7:47 p.m.•41 views

K55347921: Linux kernel vulnerability CVE-2017-7477

Security Advisory Description Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAXSKBFRAGS+1 size in conjunction with the...

7CVSS7AI score0.00387EPSS
Exploits0
Total number of security vulnerabilities6390