Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•45 views

K17957133: Linux kernel vulnerability CVE-2019-3701

Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...

4.9CVSS6.3AI score0.00698EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•183 views

K16840: SSH vulnerability CVE-1999-1085

Security Advisory Description Description SSH 1.2.25, 1.2.23, and other versions, when used in in CBC Cipher Block Chaining or CFB Cipher Feedback 64 bits modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext...

5CVSS5.7AI score0.03211EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•53 views

K16833: Linux vulnerability CVE-2014-7826

Security Advisory Description kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted...

7.8CVSS6.2AI score0.00589EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•49 views

K16834: OpenSSL vulnerability CVE-2011-3210

Security Advisory Description The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service daemon crash via...

6.5CVSS8.6AI score0.03588EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•35 views

K16831: BSD regex library vulnerability CVE-2015-2305

Security Advisory Description Description Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...

6.8CVSS8.2AI score0.0837EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•37 views

K4351: BIND 9.3.0 denial of service vulnerability CAN-2005-0034

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•31 views

K15180: OpenSSL vulnerability CVE-2013-4353

Security Advisory Description The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake. CVE-2013-4353 Impact Remot...

4.3CVSS7.6AI score0.11851EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•71 views

K13993: Cross-site URL redirection attack vulnerability CVE-2009-4017

Security Advisory Description F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to the my.activation.cns.php3 script. As a result, a user could create a URL...

5CVSS4.8AI score0.12041EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•37 views

K14434: OpenSSH vulnerability CVE-2006-5794

Security Advisory Description Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker authentication verification, which might allow attackers to bypass authentication. As of 2006-11-08, it is believed that this issue is only exploitable by leveragin...

7.5CVSS7AI score0.02681EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•18 views

K10701310: BIG-IP may not detect invalid Transfer-Encoding headers

Security Advisory Description This issue occurs when the conditions are met based on the BIG-IP module provisioned and the affected version listed in the following table. Products| Conditions that trigger the issue| Affected versions ---|---|--- BIG-IP LTM| For versions prior to 15.1.0, the...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•57 views

K91024405: Java SE vulnerability CVE-2017-10115

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...

7.5CVSS7.2AI score0.02737EPSS
Exploits0Affected Software8
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•33 views

K77508618: Multiple Oracle MySQL vulnerabilities

Security Advisory Description CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2016-0505 Unspecified vulnerability in Oracle MySQL 5.5.46 and...

7.2CVSS7.5AI score0.07505EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•46 views

K63290144: Intel processor vulnerabilities CVE-2020-8696 and CVE-2020-8698

Security Advisory Description CVE-2020-8696 Improper removal of sensitive information before storage or transfer in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8698 Improper isolation of shared resources in some...

5.5CVSS5.4AI score0.0051EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•62 views

K17566: NTP vulnerability CVE-2015-7704

Security Advisory Description The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. CVE-2015-7704 Impact An off-path attacker can send a crafted Kiss of Death KoD packet to the client, which...

7.5CVSS6.3AI score0.1095EPSS
Exploits0Affected Software16
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•33 views

K17563: Apache Struts vulnerability CVE-2015-2992

Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

6.1CVSS7AI score0.05757EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•62 views

K17543: Linux kernel vulnerability CVE-2014-9420

Security Advisory Description The rockcontinue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service infinite loop, and system crash or hang via a crafted iso9660 image...

4.9CVSS6.3AI score0.00452EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•47 views

K17541: Linux kernel vulnerability CVE-2015-2150

Security Advisory Description Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding fo...

4.9CVSS6.4AI score0.00534EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•55 views

K15516: LZ4 compression vulnerability CVE-2014-4715

Security Advisory Description Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified...

5CVSS7.5AI score0.02752EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•55 views

K15512: LZO decompressor vulnerability CVE-2014-4608

Security Advisory Description DISPUTED Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal...

7.5CVSS6.3AI score0.05421EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:41 p.m.•45 views

K15484: OpenSSH vulnerability CVE-2006-4925

Security Advisory Description packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service crash by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL. CVE-2006-4925 Impact An attacker may be able to cause a...

5CVSS8AI score0.14744EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•37 views

K8924: Linux kernel vulnerability CVE-2007-3843

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

4.3CVSS6.3AI score0.02624EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•33 views

K8920: Linux kernel vulnerability CVE-2007-2876

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

6.1CVSS6.3AI score0.01395EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•35 views

K8917: Linux kernel vulnerability CVE-2007-1217

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

6.9CVSS6.5AI score0.00372EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•43 views

K8918: Linux kernel vulnerability CVE-2007-3851

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6CVSS6AI score0.00313EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•38 views

K17257: D-Bus vulnerability CVE-2014-3639

Security Advisory Description Description The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomple...

2.1CVSS5.2AI score0.00403EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•109 views

K15498: Multiple PHP vulnerabilities

Security Advisory Description Description CVE-2014-3981 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. CVE-2014-4049 Heap-based buffer overflow in the phpparserr function...

7.5CVSS8.5AI score0.30128EPSS
Exploits5
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•53 views

K15432: Apache Tomcat vulnerability CVE-2014-0099

Security Advisory Description Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Lengt...

4.3CVSS6.8AI score0.08838EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•39 views

K15441: PHP vulnerability CVE-2011-1148

Security Advisory Description Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variable for multiple arguments...

7.5CVSS7.2AI score0.04736EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•39 views

K73455417: obs-service-extract_file package vulnerability CVE-2016-4007

Security Advisory Description Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...

10CVSS9.6AI score0.02474EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:40 p.m.•47 views

K36488941: OpenSSL vulnerability CVE-2016-2106

Security Advisory Description Integer overflow in the EVPEncryptUpdate function in crypto/evp/evpenc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of data. CVE-2016-2106 Impact A successful attack...

7.5CVSS8.2AI score0.27261EPSS
Exploits1Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•57 views

K95698826: LZO vulnerability CVE-2014-4607

Security Advisory Description An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cau...

8.8CVSS7AI score0.05315EPSS
Exploits1Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•25 views

K75649300: BIND vulnerability CVE-2020-8621

Security Advisory Description While query forwarding and QNAME minimization are mutually incompatible, BIND did sometimes allow QNAME minimization when continuing with recursion after 'forward first' did not result in an answer. In these cases the data used by QNAME minimization might be...

7.5CVSS6.6AI score0.02944EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•34 views

K42558402: Linux kernel vulnerability CVE-2018-5814

Security Advisory Description In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple U...

7CVSS6.3AI score0.0038EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•67 views

K38573130: Apache Tomcat vulnerability CVE-2020-13934

Security Advisory Description An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading...

7.5CVSS8.4AI score0.64124EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•175 views

K19063943: TCP initial sequence number vulnerability CVE-2001-0328

Security Advisory Description TCP implementations that use random increments for initial sequence numbers ISN can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. CVE-2001-0328...

5CVSS7.4AI score0.18125EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•43 views

K15955144: Mozilla NSS vulnerability CVE-2015-2730

Security Advisory Description Mozilla Network Security Services NSS before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography ECC multiplications, which makes it easier for...

4.3CVSS7.1AI score0.03594EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•47 views

K29241247: GNU C Library (glibc) vulnerability CVE-2015-8984

Security Advisory Description The fnmatch function in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash via a malformed pattern, which triggers an out-of-bounds read. CVE-2015-8984 Impact An attacker with...

5.9CVSS6.7AI score0.02429EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•32 views

K06223540: F5 TCP vulnerability CVE-2015-8240

Security Advisory Description The Traffic Management Microkernel TMM in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options,...

7.5CVSS7.5AI score0.01765EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•116 views

K08206127: PHP vulnerability CVE-2016-4072

Security Advisory Description The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the pharanalyzepath function in ext/phar/phar.c...

9.8CVSS8.9AI score0.05932EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•177 views

K01131113: OpenSSH vulnerabilities CVE-2016-0777 and CVE-2016-0778

Security Advisory Description CVE-2016-0777 The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a...

8.1CVSS8.1AI score0.63468EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•39 views

K74759095: SafeNet External Network HSM script vulnerability CVE-2017-6165

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM...

9.8CVSS9.4AI score0.01925EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•81 views

K37603172: Samba vulnerabilities CVE-2015-5370 and CVE-2016-2118

Security Advisory Description CVE-2015-5370 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumptio...

7.5CVSS7.6AI score0.3693EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•51 views

K05534090: Java vulnerability CVE-2015-4803

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. CVE-2015-4803...

5CVSS6.6AI score0.05288EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•41 views

K04972684: PHP vulnerability CVE-2016-3185

Security Advisory Description The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and...

7.1CVSS8AI score0.03146EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:39 p.m.•78 views

K49233165: Apache Groovy vulnerability CVE-2015-3253

Security Advisory Description The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. CVE-2015-3253 Impact This vulnerability could allow a remote...

9.8CVSS9.6AI score0.42983EPSS
Exploits4Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•42 views

K10600056: NTP vulnerability CVE-2015-5300

Security Advisory Description It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. CVE-2015-5300 Impact A man-in-the-middle attacker able to intercept network time protocol NTP traffic between a...

7.5CVSS7.5AI score0.0913EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•80 views

K20225390: Multiple PCRE vulnerabilities

Security Advisory Description CVE-2015-8395 PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

9.8CVSS9.2AI score0.07059EPSS
Exploits6Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•46 views

K04127310: PHP vulnerabilities CVE-2016-3141 and CVE-2016-3142

Security Advisory Description CVE-2016-3141 Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact by triggerin...

9.8CVSS9.2AI score0.35438EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•84 views

K23642330: Multiple WPA2 vulnerabilities (KRACK)

Security Advisory Description CVE-2017-13077 Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the pairwise key in the four-way handshake. CVE-2017-13078 Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the four-way handshake, allowing an...

8.1CVSS7.1AI score0.04575EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•50 views

K53313971: Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115

Security Advisory Description CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove...

5.9CVSS6.7AI score0.10232EPSS
Exploits0Affected Software21
Total number of security vulnerabilities6413