Lucene search
+L

6421 matches found

f5
f5
•added 2023/02/21 7:46 p.m.•175 views

K23421535: Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824

Security Advisory Description CVE-2022-22822 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22823 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22824 defineAttribute in xmlparse.c in Expat aka libexpat...

9.8CVSS8.2AI score0.04829EPSS
Exploits0Affected Software16
f5
f5
•added 2023/02/21 7:46 p.m.•65 views

K14228: OpenSSH vulnerability CVE-2007-2243

Security Advisory Description OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to...

5CVSS8AI score0.02472EPSS
Exploits1
f5
f5
•added 2023/02/21 7:46 p.m.•53 views

K14236: OpenSSL vulnerability CVE-2012-2686

Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...

9AI score
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•41 views

K84583382: VMware Tools vulnerability CVE-2015-5191

Security Advisory Description VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVE-2015-5191 Impact This vulnerability may allow a...

6.7CVSS7AI score0.00331EPSS
Exploits0Affected Software14
f5
f5
•added 2023/02/21 7:45 p.m.•57 views

K71436934: Apache httpd vulnerability CVE-2016-4979

Security Advisory Description The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveragin...

7.5CVSS7.7AI score0.18802EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•31 views

K56237129: Linux kernel vulnerability in non-GENERIC_TIME systems CVE-2010-2243

Security Advisory Description A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERICTIME systems GENERICTIME=n, accessing /sys/devices/system/clocksource/clocksource0/currentclocksource results in an OOPS. CVE-2010-2243 Impact There is no impact...

7.8CVSS7.1AI score0.02505EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•34 views

K15299: Linux kernel vulnerability CVE-2013-2888

Security Advisory Description Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted device...

6.2CVSS7.2AI score0.00477EPSS
Exploits0Affected Software18
f5
f5
•added 2023/02/21 7:45 p.m.•65 views

K15272: PHP Vulnerability CVE-2013-4636

Security Advisory Description The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during...

4.3CVSS6.6AI score0.01975EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•48 views

K15260: Apache Struts vulnerability CVE-2014-0094

Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...

5CVSS9.3AI score0.99614EPSS
Exploits7
f5
f5
•added 2023/02/21 7:45 p.m.•106 views

K15273: Apache vulnerability CVE-2012-0053

Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...

4.3CVSS6.8AI score0.82756EPSS
Exploits4Affected Software13
f5
f5
•added 2023/02/21 7:45 p.m.•28 views

K15229: BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220

Security Advisory Description F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. CVE-2014-3220 Impact An authenticated user with limited...

9CVSS6.8AI score0.11003EPSS
Exploits1Affected Software15
f5
f5
•added 2023/02/21 7:45 p.m.•35 views

K15013: OpenSSH vulnerability CVE-2011-0539

Security Advisory Description The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents ...

7.5CVSS7.9AI score0.01797EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•55 views

K56480726: Linux kernel vulnerability CVE-2019-8980

Security Advisory Description A memory leak in the kernelreadfile function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service memory consumption by triggering vfsread failures. CVE-2019-8980 Impact There is no impact; F5 products are not affected by thi...

7.8CVSS5.7AI score0.05845EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•33 views

K3015: FIPS hardware vulnerability - nCipher Advisory #9 - CAN-2004-0320

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

2.1CVSS6.3AI score0.00336EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•37 views

K74571223: Apache Struts vulnerability CVE-2016-8738

Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...

5.9CVSS5.7AI score0.03347EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•25 views

K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.3AI score0.10739EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•85 views

K46057232: Swift Mailer vulnerability CVE-2016-10074

Security Advisory Description The mail transport aka SwiftTransportMailTransport in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted e-mail address in the 1 From,...

9.8CVSS9.6AI score0.41827EPSS
Exploits18
f5
f5
•added 2023/02/21 7:45 p.m.•13 views

K1933: Multiple Vulnerabilities in OpenSSL - CAN-2002-23

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7AI score
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•18 views

K1952: Trojan Horse OpenSSH Distribution - CA-2002-24

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7AI score
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•40 views

K30409575: ISC DHCP vulnerability CVE-2016-2774

Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...

7.1CVSS6.7AI score0.73622EPSS
Exploits0Affected Software6
f5
f5
•added 2023/02/21 7:45 p.m.•49 views

K15313: Java SE vulnerabilities CVE-2014-0456, CVE-2014-0457, and CVE-2014-2421

Security Advisory Description CVE-2014-0456 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-0457 Unspecified vulnerability in...

10CVSS7.3AI score0.07279EPSS
Exploits0
f5
f5
•added 2023/02/21 7:45 p.m.•36 views

K15322: PHP vulnerability CVE-2014-0185

Security Advisory Description sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. CVE-2014-0185 Impact None. No F5 products are...

7.2CVSS8.5AI score0.00505EPSS
Exploits1
f5
f5
•added 2023/02/21 7:45 p.m.•46 views

K13463: FirePass SQL injection vulnerability CVE-2012-1777

Security Advisory Description F5 has identified a possible SQL injection vulnerability for FirePass. FirePass may not perform adequate user input validation of particular fields. CVE-2012-1777 Impact An unauthenticated attacker may be able to exploit the vulnerability via SQL injection. Security...

7.5CVSS7.7AI score0.02327EPSS
Exploits2Affected Software1
f5
f5
•added 2023/02/21 7:44 p.m.•26 views

K6924: Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.6AI score
Exploits0
f5
f5
•added 2023/02/21 7:44 p.m.•13 views

K6920: Cross-site scripting vulnerabilities

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.5AI score
Exploits0
f5
f5
•added 2023/02/21 7:44 p.m.•19 views

K6922: Decimal-encoded IP address circumvents Accessibility Scope

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

6.5AI score
Exploits0
f5
f5
•added 2023/02/21 7:44 p.m.•16 views

K6923: LDAP and RADIUS authentication failures can reveal a valid FirePass username

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.6AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•752 views

K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers

Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...

6.4AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•37 views

K3082: Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

9.2AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•36 views

K2593: Buffer overflow in zlib - CAN-2003-0107

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.4AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•34 views

K2591: Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.3AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•61 views

K21125762: The BIG-IP CFE logs sensitive Azure storage account credentials

Security Advisory Description The BIG-IP Cloud Failover Extension CFE logs sensitive Azure storage account credentials in /var/log/restnoded/restnoded.log. This issue occurs when all of the following conditions are met: You configure the CFE to provide failover functionality for your BIG-IP syste...

6.9AI score
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•57 views

K15404: OpenSSL vulnerability CVE-2009-3245

Security Advisory Description OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors. CVE-2009-3245...

10CVSS7.1AI score0.06732EPSS
Exploits1Affected Software10
f5
f5
•added 2023/02/21 7:42 p.m.•17 views

K14901: SASL vulnerability CVE-2013-4122

Security Advisory Description Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an...

4.3CVSS6.7AI score0.03589EPSS
Exploits2Affected Software1
f5
f5
•added 2023/02/21 7:42 p.m.•53 views

K14909: OpenSSL vulnerability CVE-2013-4248

Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

4.3CVSS7.5AI score0.03588EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•85 views

K14907: MySQL Server vulnerability CVE-2012-3163

Security Advisory Description Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVE-2012-31...

9CVSS5.5AI score0.05096EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 7:42 p.m.•51 views

K96639388: Overview of F5 vulnerabilities (April 2021)

Security Advisory Description On April 28th, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. The details of each issue can be found in the associate...

9.8CVSS7.4AI score0.01343EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•36 views

K41556648: CPU vulnerability CVE-2019-0184

Security Advisory Description Insufficient access control in protected memory subsystem for IntelR TXT for 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR XeonR Processor E3-1500 v5 and v6 Families; IntelR XeonR E-2100 and E-2200 Processor Families with IntelR Processor...

5.5CVSS5.8AI score0.00346EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•43 views

K93048305: Linux kernel vulnerability CVE-2021-20268

Security Advisory Description An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privilege...

7.8CVSS6.5AI score0.00321EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•31 views

K59957337: ASM Cloud Security Services authentication vulnerability CVE-2019-6687

Security Advisory Description The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. CVE-2019-6687 Impact This vulnerability may allow man-in-the-middle attackers to intercept traffic...

7.4CVSS7.4AI score0.00483EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:42 p.m.•244 views

K15629: Multiple GNU Bash vulnerabilities

Security Advisory Description CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand...

10CVSS9.5AI score0.99999EPSS
Exploits159Affected Software19
f5
f5
•added 2023/02/21 7:42 p.m.•54 views

K15630: TLS in Mozilla NSS vulnerability CVE-2013-1620

Security Advisory Description The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4.3CVSS7.3AI score0.03723EPSS
Exploits0Affected Software18
f5
f5
•added 2023/02/21 7:42 p.m.•67 views

K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458

Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...

7.5CVSS8.9AI score0.18099EPSS
Exploits5Affected Software1
f5
f5
•added 2023/02/21 7:42 p.m.•47 views

K44590877: PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035

Security Advisory Description CVE-2019-11034 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifprocessIFDTAG function. This may lead to information disclosure or crash...

9.1CVSS6.5AI score0.04409EPSS
Exploits1
f5
f5
•added 2023/02/21 7:42 p.m.•43 views

K8425: Linux Kernel Vulnerability - CVE-2008-0600

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.2CVSS6.3AI score0.0354EPSS
Exploits3
f5
f5
•added 2023/02/21 7:42 p.m.•39 views

K3568: DNS denial of service vulnerability - CAN-2004-0789

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.5AI score0.02765EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•42 views

K23453330: NTP vulnerability CVE-2016-4957

Security Advisory Description ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service daemon crash via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVE-2016-4957 Impact There is no impact; F5 products are not affected ...

7.5CVSS6.5AI score0.44936EPSS
Exploits1
f5
f5
•added 2023/02/21 7:42 p.m.•30 views

K16081: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050

Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Application Security Manager ASM before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. CVE-2015-1050 Impact Remote attackers may be able to inject arbitrary w...

4.3CVSS5.5AI score0.01911EPSS
Exploits1Affected Software1
f5
f5
•added 2023/02/21 7:42 p.m.•66 views

K14446: OpenSSH vulnerability CVE-2012-0814

Security Advisory Description The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options. CVE-2012-0814 Impact This vulnerability may allow remotely-authenticated users to obtain potentially sensitive information...

6.5CVSS6.6AI score0.03672EPSS
Exploits0
f5
f5
•added 2023/02/21 7:42 p.m.•118 views

K14741: OpenSSH vulnerability CVE-2010-5107

Security Advisory Description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many n...

7.5CVSS6.9AI score0.1651EPSS
Exploits1Affected Software19
Total number of security vulnerabilities6421