Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•51 views

K81081046: PHP vulnerabilities CVE-2016-4537 and CVE-2016-4538

Security Advisory Description CVE-2016-4537 The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other...

9.8CVSS9.1AI score0.06229EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•68 views

K61971428: Multiple Java vulnerabilities

Security Advisory Description CVE-2013-5775 Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-5777 Unspecified...

10CVSS7.1AI score0.04652EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•50 views

K53316849: Java vulnerability CVE-2013-5802

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality,...

7.5CVSS7.4AI score0.04431EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•42 views

K23873366: OpenSSL vulnerability CVE-2016-2177

Security Advisory Description OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected mallo...

9.8CVSS9.3AI score0.44505EPSS
Exploits1Affected Software25
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•47 views

K35240323: PHP vulnerability CVE-2016-4539

Security Advisory Description The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML da...

9.8CVSS9.4AI score0.06229EPSS
Exploits1Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•47 views

K17025: BIND DNSSEC vulnerability CVE-2010-0097

Security Advisory Description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records. CVE-2010-0097 Impact Remote attackers may be able to add the Authenticated Data AD flag to a forg...

4.3CVSS7.6AI score0.09363EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•31 views

K16494: phpMyAdmin vulnerability CVE-2015-2206

Security Advisory Description libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it...

5CVSS9.3AI score0.03263EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•37 views

K12998: OpenSSL vulnerability CVE-2011-1945

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

2.6CVSS7.7AI score0.0343EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•13 views

K11797: Pre-logon sequence vulnerability to token spoofing

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

6.7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•35 views

K07051153: TMUI vulnerability CVE-2020-5905

Security Advisory Description In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto t...

6CVSS5.1AI score0.00681EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•45 views

K93231374: BIG-IP HTTP vulnerability CVE-2021-23042

Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. CVE-2021-23042 Impact System performance degradation can occur until the process is either forced to restart or manually...

7.5CVSS7.3AI score0.00933EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:38 p.m.•17 views

K7009: Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•30 views

K42891424: Grep vulnerability CVE-2015-1345

Security Advisory Description The bmexectrans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service out-of-bounds heap read and crash via crafted input when using the -F option. CVE-2015-1345 Impact A local user may cause a denial-of-service DoS by way of...

2.1CVSS8.5AI score0.00486EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•85 views

K42830212: BIG-IP SIP ALG profile vulnerability CVE-2020-5926

Security Advisory Description A BIG-IP virtual server with a Session Initiation Protocol SIP ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache.CVE-2020-5926 Impact This vulnerability leads to futu...

7.5CVSS7.5AI score0.01044EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•12 views

K38157961: BIG-IP ASM Bot Defense may fail to block malicious requests when both the Bot Defense profile and DoS profile are associated with a virtual server

Security Advisory Description The BIG-IP ASM Bot Defense profile may unexpectedly fail to block malicious requests. This issue occurs when the following condition is met: The affected virtual server is associated with the following: A security policy A DoS profile configured with either TPS-based...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•38 views

K24036027: libarchive vulnerability CVE-2016-5844

Security Advisory Description Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash via a crafted ISO file. CVE-2016-5844 Impact For BIG-IP and VIPRION platforms that are configured to use Virtual Clustered...

6.5CVSS7AI score0.04131EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•86 views

K23073482: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747

Security Advisory Description CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response. CVE-2016-0746 Use-after-free vulnerability in the resolv...

9.8CVSS7.6AI score0.81958EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•44 views

K23641249: KVM hypervisor vulnerability CVE-2020-2732

Security Advisory Description A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessibl...

6.8CVSS6.4AI score0.00927EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•48 views

K17457: Linux kernel vulnerability CVE-2015-6252

Security Advisory Description The vhostdevioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service memory consumption via a VHOSTSETLOGFD ioctl call that triggers permanent file-descriptor allocation. CVE-2015-6252 Impact None. F5...

2.1CVSS6.3AI score0.00442EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•44 views

K17330: GnuTLS vulnerability CVE-2015-3308

Security Advisory Description Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVE-2015-3308 Impact A remote attacker may be able to cause a...

7.5CVSS8AI score0.03921EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•35 views

K17317: Apache HTTP server vulnerability CVE-2015-0253

Security Advisory Description The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks...

5CVSS6AI score0.14734EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•40 views

K16912: BIND vulnerability CVE-2015-4620

Security Advisory Description name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing...

7.8CVSS7.8AI score0.37872EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•81 views

K17315: SNMP vulnerability CVE-2014-3565

Security Advisory Description snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service snmptrapd crash via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrate...

5CVSS7.5AI score0.04619EPSS
Exploits1Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•36 views

K15439022: glibc vulnerability CVE-2016-3075

Security Advisory Description A stack overflow vulnerability unbounded allocation in nssdnsgetnetbynamer function was found. CVE-2016-3075 Impact BIG-IP, BIG-IQ, and Enterprise Manager While the specified functionality is included with BIG-IP, BIG-IQ, and Enterprise Manager, these products are no...

7.5CVSS7.3AI score0.07629EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•73 views

K16881: OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004

Security Advisory Description Description CVE-2015-4001 Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service system crash or possibly execute arbitrary...

9CVSS7.5AI score0.08339EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•34 views

K16875: file vulnerability CVE-2012-1571

Security Advisory Description file before 5.11 and libmagic allow remote attackers to cause a denial of service crash via a crafted Composite Document File CDF file that triggers 1 an out-of-bounds read or 2 an invalid pointer dereference. CVE-2012-1571 Impact An attacker could cause a...

6.5CVSS9AI score0.04117EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•29 views

K12986: BIND vulnerability CVE-2011-2464

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS7.4AI score0.19265EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•49 views

K12566: OpenSSL vulnerability CVE-2010-3864

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

7.6CVSS7.8AI score0.22145EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•42 views

K81223200: Oracle Java SE vulnerability CVE-2016-3425

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 Impact An authenticated attacker can input specially crafted XML th...

5CVSS6.8AI score0.038EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•51 views

K77535578: Multiple Java SE client-side vulnerabilities

Security Advisory Description CVE-2016-0636 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. CVE-2016-0686 Unspecified vulnerability in Oracle...

10CVSS7.1AI score0.05765EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•29 views

K20031768: Intel hardware vulnerabilities CVE-2020-8737 CVE-2020-12312

Security Advisory Description CVE-2020-8737 Improper buffer restrictions in the IntelR StratixR 10 FPGA firmware provided with the IntelR QuartusR Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure v...

6.8CVSS6.6AI score0.00362EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•48 views

K14316: BIND vulnerability CVE-2012-3817

Security Advisory Description ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a...

7.8CVSS6.8AI score0.27383EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:37 p.m.•43 views

K13607: Hosts may generate weak RSA keys under low entropy conditions

Security Advisory Description A recent study, linked in the Supplemental Information section, has revealed that when a system generates new RSA keys under low-entropy conditions, such as during the first system boot, the resulting keys may not be cryptographically strong. During its first boot, t...

6.6AI score
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•88 views

K63603485: Linux kernel vulnerability CVE-2022-0847

Security Advisory Description A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to...

7.8CVSS7.3AI score0.89063EPSS
Exploits100
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•61 views

K24249971: Linux kernel vulnerability CVE-2019-10638

Security Advisory Description In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP. When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash...

6.5CVSS6.5AI score0.02571EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•33 views

K24444495: Linux kernel vulnerability CVE-2016-10764

Security Advisory Description In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspisetupflash function. There are CQSPIMAXCHIPSELECT elements in the -fpdata array so the "" should be "=" instead. CVE-2016-10764 Impact There is no impact; F5...

9.8CVSS6.1AI score0.03075EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•48 views

K22040951: systemd-journald vulnerability CVE-2019-3815

Security Advisory Description A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatchmessagereal in journald-server.c does not free the memory allocated by setiovecfieldfree to store the CMDLINE= entry. A local attacker may use this...

3.3CVSS6.7AI score0.004EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•42 views

K17742627: cURL and libcurl vulnerability CVE-2016-8625

Security Advisory Description curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. CVE-2016-8625 Impact Incorrect translation of International Doma...

7.5CVSS7.2AI score0.04321EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•66 views

K63519101: Multiple QEMU vulnerabilities

Security Advisory Description CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for...

9.3CVSS8.3AI score0.13288EPSS
Exploits1Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•47 views

K61570943: Multiple libXML2 vulnerabilities

Security Advisory Description CVE-2015-5312 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability...

7.1CVSS8.2AI score0.0721EPSS
Exploits2Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•44 views

K5576: Authentication vulnerability in Apache mod_digest - CAN-2003-0987

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.3AI score0.05562EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•57 views

K17326: Linux kernel vulnerability CVE-2015-5157

Security Advisory Description arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. CVE-2015-5157 Impact A locally...

7.2CVSS6.3AI score0.00624EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•141 views

K16903: Microsoft Schannel vulnerability CVE-2015-1637

Security Advisory Description Schannel aka Secure Channel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state...

4.3CVSS7.1AI score0.13151EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•73 views

K16531: Linux kernel vulnerability CVE-2014-4027

Security Advisory Description The rdbuilddevicespace function in drivers/target/targetcorerd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdiskmcp memory by leveraging access to a SCSI...

2.3CVSS5.6AI score0.0065EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•44 views

K16596: Privilege escalation vulnerability CVE-2014-3215

Security Advisory Description seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges ...

6.9CVSS5.9AI score0.00357EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•29 views

K16478: Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369

Security Advisory Description CVE-2014-8159 The InfiniBand IB implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux RHEL 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical...

7.8CVSS7AI score0.00565EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•30 views

K16479: Linux kernel vulnerability CVE-2009-4537

Security Advisory Description drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to 1 cause a denial of service temporary network outage via a packet with a...

7.8CVSS4.8AI score0.05889EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•25 views

K16477: Linux kernel vulnerability CVE-2010-2524

Security Advisory Description The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the result...

7.8CVSS6.9AI score0.00423EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•34 views

K11785283: GnuPG vulnerability CVE-2012-6085

Security Advisory Description The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service application crash via a crafted length field of an OpenPGP...

5.8CVSS6.5AI score0.02912EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:36 p.m.•45 views

K11720: Samba server vulnerability CVE-2010-2063

Security Advisory Description Note : Versions that are not listed in this articles have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7.5CVSS8.2AI score0.78702EPSS
Exploits5
Total number of security vulnerabilities6413