Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•64 views

K16162257: Intel BIOS vulnerability CVE-2021-0154

Security Advisory Description Improper input validation in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable an escalation of privilege via local access. CVE-2021-0154 Impact A local attacker logged in as a privileged user can exploit the vulnerability...

7.8CVSS7.6AI score0.00259EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•121 views

K13070025: Intel BIOS vulnerabiilties CVE-2021-0159, CVE-2021-0188, CVE-2021-0189, CVE-2021-33103, and CVE-2021-33122

Security Advisory Description CVE-2021-0159 Improper input validation in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE-2021-0188 Return of pointer value outside of expected range in th...

7.8CVSS6.7AI score0.00268EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•29 views

K12403422: BIG-IP ASM vulnerability CVE-2018-5541

Security Advisory Description When the BIG-IP ASM system processes HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2018-5541 Impact BIG-IP When this vulnerability is exploited, the BIG-IP ASM system may experience a denial of...

7.8CVSS7.6AI score0.01841EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•35 views

K14693346: TMM vulnerability CVE-2021-22977

Security Advisory Description Cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. CVE-2021-22977 Impact When attackers exploit this vulnerability, the Traffic Management Microkernel TMM restarts, and then the BIG-IP system...

7.5CVSS6.5AI score0.0102EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•36 views

K06747393: TMM vulnerability CVE-2019-6677

Security Advisory Description Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. CVE-2019-6677 Impact The Traffic Management Microkernel TMM may generate a core file and restart, causing a traffic...

7.5CVSS7.5AI score0.01044EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•132 views

K06524534: Linux kernel vulnerability CVE-2021-22555

Security Advisory Description A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space CVE-2021-22555 Impact This vulnerability may allow an...

8.3CVSS7.2AI score0.78684EPSS
Exploits21Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•94 views

K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127

Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...

5.5CVSS5.2AI score0.06451EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•131 views

K00053434: OPENSSL_LH_flush() function vulnerability CVE-2022-1473

Security Advisory Description The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...

7.5CVSS7AI score0.02386EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•102 views

K88126845: BIG-IP APM web pages may be indexed by search engines

Security Advisory Description This issue occurs when all of the following conditions are met: Users connect to the BIG-IP APM system through the internet. The BIG-IP APM system is reachable by search engines. Impact BIG-IP APM web pages may be enumerated and other data may be disclosed. Symptoms ...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•59 views

K95003704: Java SE vulnerability CVE-2018-3183

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Scripting. Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows...

9CVSS7.7AI score0.02815EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•46 views

K88511840: QEMU vulnerability CVE-2015-8345

Security Advisory Description The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service application crash and infinite loop via vectors involving the command block list. CVE-2015-8345 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.9AI score0.00393EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•34 views

K87141725: BIG-IP APM redirect vulnerability CVE-2017-0302

Security Advisory Description Insufficient boundary checks on the request URL may cause the tmm process to assert when the user is redirected back to the original request URL following successful authentication to the BIG-IP APM system. CVE-2017-0302 Impact An authenticated user with an establish...

5.3CVSS5.4AI score0.0074EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•66 views

K82641075: PHP vulnerability CVE-2018-10545

Security Advisory Description An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser...

4.7CVSS6.1AI score0.00831EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•46 views

K74605824: MySQL Server UDF vulnerability CVE-2017-3529

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: UDF. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

5.3CVSS5.4AI score0.02013EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•46 views

K82224417: Linux kernel vulnerability CVE-2017-7308

Security Advisory Description The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service overflow or possibly have unspecified other impact via crafted system call...

7.8CVSS6.8AI score0.17827EPSS
Exploits17
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•33 views

K77215791: Linux kernel vulnerability CVE-2017-7277

Security Advisory Description The TCP stack in the Linux kernel through 4.10.6 mishandles the SCMTIMESTAMPINGOPTSTATS feature, which allows local users to obtain sensitive information from the kernels internal socket data structures or cause a denial of service out-of-bounds read via crafted syst...

7.1CVSS6.5AI score0.00391EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•32 views

K77452266: Intel CPU vulnerability CVE-2018-12171

Security Advisory Description Privilege escalation in Intel Baseboard Management Controller BMC firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. CVE-2018-12171 Impact There is no impact; F5...

9.8CVSS9.9AI score0.02136EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•30 views

K68292031: Intel CPU vulnerability CVE-2018-3658

Security Advisory Description Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. CVE-2018-3658 Impact There is no impact; F5 products are...

5.3CVSS5.8AI score0.03303EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•32 views

K60381308: Intel CPU vulnerability CVE-2018-3655

Security Advisory Description A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information v...

7.3CVSS6.6AI score0.00433EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•33 views

K67190282: MySQL X plugin vulnerabilities CVE-2017-3637 and CVE-2017-3646

Security Advisory Description CVE-2017-3637 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: X Plugin. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...

5.3CVSS5AI score0.0245EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•29 views

K54380426: Intel CPU vulnerability CVE-2018-3643

Security Advisory Description A vulnerability in Power Management Controller firmware in systems using specific Intel Converged Security and Management Engine CSME before version 12.0.6 or Intel Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially...

8.2CVSS7.9AI score0.00501EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•39 views

K58502654: Linux kernel vulnerability CVE-2018-20961

Security Advisory Description In the Linux kernel before 4.16.4, a double free vulnerability in the fmidisetalt function of drivers/usb/gadget/function/fmidi.c in the fmidi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. CVE-2018-20961 Impact The...

10CVSS7.5AI score0.06342EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•84 views

K54296221: Apache httpd vulnerability CVE-2018-17199

Security Advisory Description In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

7.5CVSS6.4AI score0.19994EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•38 views

K54358814: Apache mod_remoteip vulnerability CVE-2020-11985

Security Advisory Description IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server...

5.3CVSS6.3AI score0.06808EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•81 views

K43700555: GNU C Library (glibc) vulnerability CVE-2021-33574

Security Advisory Description The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service...

9.8CVSS7.9AI score0.02898EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•35 views

K45444778: Intel SSD vulnerabilities CVE-2018-12166 and CVE-2018-12167

Security Advisory Description CVE-2018-12166 Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. CVE-2018-12167 Firmware update routine in bootloader for IntelR...

4.4CVSS4.4AI score0.00288EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•37 views

K45644893: Martian address filtering vulnerability CVE-2019-6654

Security Advisory Description The BIG-IP system fails to perform martian address filtering as defined in RFC 1812, section 5.3.7 for control plane tasks on the management interface. This may allow attackers on an adjacent system to force the BIG-IP system into processing packets with spoofed sour...

4.3CVSS4.9AI score0.00476EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•26 views

K41192923: Intel CPU vulnerability CVE-2018-3616

Security Advisory Description Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. CVE-2018-3616 Impact There is no impact; F5 products...

5.9CVSS6.3AI score0.02388EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•38 views

K41036924: Linux kernel vulnerability CVE-2014-7843

Security Advisory Description The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system crash by reading one byte beyond a /dev/zero page boundary. CVE-2014-7843 Impact There is no impact; F5...

4.9CVSS5.6AI score0.00374EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•63 views

K35655050: NodeJS vulnerability CVE-2016-1669

Security Advisory Description The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possib...

9.3CVSS8.2AI score0.04227EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•44 views

K39041624: NTP vulnerability CVE-2016-9042

Security Advisory Description An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted...

5.9CVSS6.6AI score0.0396EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•63 views

K35253541: Java vulnerability CVE-2020-14797

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker...

4.3CVSS5.8AI score0.0217EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•39 views

K34223526: Linux kernel vulnerability CVE-2018-14641

Security Advisory Description A security flaw was found in the ipfragreasm function in net/ipv4/ipfragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ipdofragment. With certain non-default, but non-rare, configuration of a victim host, an...

7.1CVSS6.2AI score0.02861EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•33 views

K31833420: Multiple Oracle Java SE vulnerabilities

Security Advisory Description CVE-2022-21305 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and...

5.3CVSS4.7AI score0.07748EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•29 views

K23432927: The BIG-IP ASM system may redirect a client request to an incorrect URL

Security Advisory Description The BIG-IP ASM system may redirect a client request to an incorrect URL after the client browser passes the client-side integrity defense JavaScript challenge. This issue occurs when all of the following conditions are met: You have enabled the Client Side Integrity...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•129 views

K28942395: OpenSSH vulnerability CVE-2018-15473

Security Advisory Description OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

5.9CVSS7.4AI score0.98631EPSS
Exploits23
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•40 views

K23134279: Node.js vulnerability CVE-2016-2216

Security Advisory Description The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters...

7.5CVSS8.6AI score0.07013EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•27 views

K23312037: Intel CPU vulnerability CVE-2018-3679

Security Advisory Description Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. CVE-2018-3679 Impact There is no impact; F5 products are not affect...

9.6CVSS9.7AI score0.0123EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•49 views

K99254031: NTP vulnerability CVE-2017-6458

Security Advisory Description Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. CVE-2017-6458 Impact This vulnerability allows remote authenticated users to have an...

8.8CVSS7.8AI score0.06515EPSS
Exploits0Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•61 views

K84933088: Linux kernel vulnerability CVE-2019-19338

Security Advisory Description A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by t...

5.5CVSS6.6AI score0.00457EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•58 views

K63597327: Python Flask vulnerability CVE-2018-1000656

Security Advisory Description The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON...

7.5CVSS6.5AI score0.03855EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•58 views

K55053009: Oracle Java SE JAXP vulnerability CVE-2020-14621

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS5.7AI score0.0435EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•64 views

K55545288: Linux kernel vulnerability CVE-2019-19046

Security Advisory Description DISPUTED A memory leak in the ipmibmcregister function in drivers/char/ipmi/ipmimsghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering idasimpleget failure, aka CID-4aa7afb0ee20. NOTE: third...

6.8CVSS6.6AI score0.02745EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•72 views

K63404203: Oracle Java SE vulnerability CVE-2018-11212

Security Advisory Description An issue was discovered in libjpeg 9a. The allocsarray function in jmemmgr.c allows remote attackers to cause a denial of service divide-by-zero error via a crafted file. CVE-2018-11212 Impact Traffix SDC An attacker can exploit this vulnerability to cause a denial o...

6.5CVSS7.1AI score0.05074EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•52 views

K52325031: Linux kernel vulnerabilities CVE-2019-16231 and CVE-2019-16233

Security Advisory Description CVE-2019-16231 drivers/net/fjes/fjesmain.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference. CVE-2019-16233 drivers/scsi/qla2xxx/qlaos.c in the Linux kernel 5.2.14 does not check the allocworkqueue retur...

4.7CVSS6.1AI score0.00422EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•35 views

K48209417: PostgreSQL vulnerabilities CVE-2018-10915 and CVE-2018-10925

Security Advisory Description CVE-2018-10915 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrust...

8.5CVSS8.1AI score0.05154EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•59 views

K51801290: RSRE Variant 3a vulnerability CVE-2018-3640

Security Advisory Description Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Rea...

5.6CVSS5.7AI score0.07556EPSS
Exploits0Affected Software18
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•27 views

K43220413: CPU vulnerability CVE-2019-11184

Security Advisory Description A race condition in specific microprocessors using Intel R DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. CVE-2019-11184 Impact There is no impact; F5 products are not affected ...

4.8CVSS6.8AI score0.00753EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•65 views

K43024307: BIG-IP iRules vulnerability CVE-2022-41624

Security Advisory Description When a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-41624 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart or...

7.5CVSS7.5AI score0.00616EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:55 p.m.•62 views

K40752270: Linux kernel vulnerability CVE-2019-15917

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hciuartregisterdev fails in hciuartsetproto in drivers/bluetooth/hcildisc.c. CVE-2019-15917 Impact There is no impact; F5 products are not affected by this vulnerability...

7CVSS6.3AI score0.00668EPSS
Exploits0
Total number of security vulnerabilities6413