Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•67 views

K42454663: PHP vulnerability CVE-2015-8874

Security Advisory Description Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.CVE-2015-8874 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status ...

7.5CVSS8.3AI score0.08276EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•41 views

K44110411: BIG-IP SIP ALG vulnerability CVE-2022-23025

Security Advisory Description When a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23025 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an unauthenticated remot...

7.5CVSS7.5AI score0.00904EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•35 views

K35815741: Intel CSME and TXE vulnerability CVE-2019-0086

Security Advisory Description Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local...

7.8CVSS8AI score0.00358EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•69 views

K21561554: Linux kernel vulnerability security/apparmor CVE-2019-18814

Security Advisory Description An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in aaauditruleinitin security/apparmor/audit.c. CVE-2019-18814 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

9.8CVSS6.3AI score0.02503EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•23 views

K30105730: Intel SPS vulnerability CVE-2019-0099

Security Advisory Description Insufficient access control vulnerability in subsystem in IntelR SPS before version SPSE305.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0099 Impact Traffix SDC An attacker with physical...

6.8CVSS7.3AI score0.00401EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•187 views

K25206238: Apache Commons FileUpload vulnerability CVE-2016-1000031

Security Advisory Description Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution CVE-2016-1000031 Impact Remote attackers can run arbitrary code on the vulnerable device. Security Advisory Status F5 Product Development has assigned CPF-24841, CPF-24842, an...

9.8CVSS9.6AI score0.34731EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•54 views

K17127: PHP vulnerability CVE-2014-9709

Security Advisory Description The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the...

5CVSS7.6AI score0.15425EPSS
Exploits1Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•26 views

K18252740: libarchive vulnerability CVE-2017-14503

Security Advisory Description libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16. CVE-2017-14503 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6AI score0.01956EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•36 views

K18570111: BIG-IP ASM and Advanced WAF WebSocket vulnerability CVE-2021-23010

Security Advisory Description When the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON content profile in the ASM security policy, the BIG-IP ASM bd process may produce a core file. CVE-2021-23010 Impact When this vulnerability is exploited, t...

7.5CVSS7.5AI score0.00961EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:58 p.m.•47 views

K17126: Apache Struts vulnerability CVE-2014-7809

Security Advisory Description Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism. CVE-2014-7809 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

6.8CVSS7.1AI score0.03486EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•35 views

K17119: MySQL vulnerability CVE-2015-2576

Security Advisory Description Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. CVE-2015-2576 Impact There is no impact; F5 products are not...

2.1CVSS3.6AI score0.00438EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•54 views

K17125: Multiple Java vulnerabilities

Security Advisory Description CVE-2015-0458 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0459 Unspecified vulnerability in Oracle Java SE 5.0u8...

10CVSS7AI score0.07224EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•57 views

K17124: Linux kernel vulnerability CVE-2015-1465

Security Advisory Description The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption o...

7.8CVSS7.5AI score0.06511EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•36 views

K16708: cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145

Security Advisory Description CVE-2015-3144 The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a...

9CVSS9AI score0.3763EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•43 views

K16729408: D-Bus vulnerability CVE-2020-12049

Security Advisory Description An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system...

5.5CVSS6.7AI score0.00569EPSS
Exploits1Affected Software12
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•54 views

K16707: cURL and libcurl vulnerability CVE-2015-3148

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148 Impact Remote attackers may be able to re-use Negotiate connections as other user...

5CVSS7.8AI score0.17942EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•46 views

K14631834: NGINX Controller vulnerability CVE-2020-5863

Security Advisory Description In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...

8.6CVSS8.4AI score0.01122EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•63 views

K14335949: Intel processors vulnerability CVE-2022-24436

Security Advisory Description Observable behavioral in power management throttling for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via network access. CVE-2022-24436 also known as hertzbleed Impact Successful exploitation of this vulnerabili...

6.5CVSS6.8AI score0.12124EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•33 views

K13434228: Apache Struts vulnerability CVE-2012-0392

Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

6.8CVSS9.5AI score0.96787EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•80 views

K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974

Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...

7.7CVSS6.3AI score0.03726EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•459 views

K11420556: Apache Tomcat vulnerability CVE-2018-8014

Security Advisory Description The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have...

9.8CVSS7.7AI score0.21979EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•262 views

K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307

Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2022-23307 Impact An attacker may be able to use this vulnerability to generat...

9.8CVSS8AI score0.52458EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•32 views

K05052081: NodeJS vulnerability CVE-2015-8854

Security Advisory Description The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS." CVE-2015-885...

7.8CVSS6.3AI score0.04334EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•49 views

K05112543: HTTPS monitor vulnerability CVE-2018-5542

Security Advisory Description F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with ...

8.1CVSS7.9AI score0.01236EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•48 views

K00409335: procps-ng vulnerability CVE-2018-1122

Security Advisory Description procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfil...

7.3CVSS7.6AI score0.013EPSS
Exploits5Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•63 views

K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686

Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...

4.3CVSS6.7AI score0.04873EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•81 views

K93144355: Vim/Neovim vulnerability CVE-2019-12735

Security Advisory Description getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assertfails or nviminput in Neovim. CVE-2019-12735 Impact This vulnerabili...

9.3CVSS8.9AI score0.19111EPSS
Exploits5Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•29 views

K91610944: Intel Ethernet controller vulnerabilities CVE-2020-24492, CVE-2020-24493, CVE-2020-24494, CVE-2020-24495, CVE-2020-24496

Security Advisory Description CVE-2020-24492 Insufficient access control in the firmware for the IntelR 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-24493 Insufficient access control in the firmware fo...

4.4CVSS4.4AI score0.003EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•91 views

K92153852: Apache httpd vulnerability CVE-2022-30522

Security Advisory Description If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort. CVE-2022-30522 Impact There is no impact; F5 products are...

7.5CVSS8.1AI score0.90407EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•140 views

K68713584: bzip2 vulnerability CVE-2019-12900

Security Advisory Description BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900 Impact BIG-IP AAM If an iSession tunnel is configured with an iSession profile that has bzip2 compression enabled, an attacker using speciall...

9.8CVSS7.6AI score0.0812EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•56 views

K58928452: Kernel vulnerability CVE-2017-1000410

Security Advisory Description The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker i...

7.5CVSS7.2AI score0.04252EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•31 views

K58581302: Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Security Advisory Description CVE-2020-28948 ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28949 ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack...

7.8CVSS7.6AI score0.84554EPSS
Exploits5
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•51 views

K55237223: BIG-IP Advanced WAF and ASM XSS vulnerability CVE-2021-22993

Security Advisory Description DOM-based XSS on DoS Profile properties page. CVE-2021-22993 Impact An attacker can inject a malicious script into the BIG-IP Advanced WAF and ASM Configuration utility and trick users into executing malicious code. Security Advisory Status F5 Product Development has...

8.8CVSS6.3AI score0.00921EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•30 views

K57492753: MySQL Optimizer vulnerability CVE-2016-0651

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.CVE-2016-0651 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

5.5CVSS6.5AI score0.01226EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•30 views

K51543541: QEMU vulnerability CVE-2018-7858

Security Advisory Description Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...

5.5CVSS6.2AI score0.00637EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•20 views

K43450419: TMM vulnerability CVE-2020-5871

Security Advisory Description Undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...

7.5CVSS7.4AI score0.01044EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•152 views

K38108582: Apache Tomcat vulnerability CVE-2018-11759

Security Advisory Description The Apache Web Server httpd specific code that normalized the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were...

7.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•43 views

K35104614: Java SE vulnerability CVE-2017-10116

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...

8.3CVSS8.3AI score0.03524EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•56 views

K32412503: Trusted Platform Module vulnerabilities CVE-2019-11090 and CVE-2019-16863

Security Advisory Description CVE-2019-11090 Cryptographic timing conditions in the subsystem for IntelR PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; IntelR TXE 3.1.70 and 4.0.20; IntelR SPS before versions SPSE504.01.04.305.0, SPSSoC-X04.00.04.108.0,...

5.9CVSS5.7AI score0.03279EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•20 views

K24401914: DNS vulnerability CVE-2019-6612

Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. CVE-2019-6612 Impact A BIG-IP virtual server associated wi...

7.5CVSS7.4AI score0.01766EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•316 views

K23173103: log4j vulnerability CVE-2017-5645

Security Advisory Description In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. CVE-2017-5645 Impact...

9.8CVSS8.3AI score0.8904EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•72 views

K22141757: Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513

Security Advisory Description CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a...

8.6CVSS7AI score0.16288EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•81 views

K21665601: OpenSSL vulnerability CVE-2018-0732

Security Advisory Description During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until...

7.5CVSS6.7AI score0.49268EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•53 views

K56851402: Linux kernel vulnerability CVE-2019-17666

Security Advisory Description rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. CVE-2019-17666 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

8.8CVSS6.8AI score0.03017EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•61 views

K54811521: Linux kernel vulnerabilities CVE-2019-14815, CVE-2019-14895, CVE-2019-14901, CVE-2019-19055

Security Advisory Description CVE-2019-14815 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiexsetwmmparams function of Marvell Wifi Driver. CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18....

10CVSS7.7AI score0.16908EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•38 views

K55655944: BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675

Security Advisory Description BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue...

9.8CVSS9.3AI score0.00895EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•53 views

K21121402: PHP vulnerability CVE-2020-7062

Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would...

7.5CVSS7.4AI score0.03598EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•119 views

K50133242: Apache Solr vulnerability CVE-2019-17558

Security Advisory Description Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could...

7.5CVSS8.5AI score0.98567EPSS
Exploits12
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•37 views

K47234311: Intel SPS vulnerability CVE-2019-0089

Security Advisory Description Improper data sanitization vulnerability in subsystem in IntelR SPS before versions SPSE504.00.04.381.0, SPSE304.01.04.054.0, SPSSoC-A04.00.04.181.0, and SPSSoC-X04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7AI score0.00382EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:57 p.m.•38 views

K20038622: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2013-1976 The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a...

6.9CVSS8.1AI score0.11975EPSS
Exploits7
Total number of security vulnerabilities6413