Lucene search
+L

6417 matches found

f5
f5
•added 2023/02/21 7:36 p.m.•26 views

K16477: Linux kernel vulnerability CVE-2010-2524

Security Advisory Description The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the result...

7.8CVSS6.9AI score0.00423EPSS
Exploits1
f5
f5
•added 2023/02/21 7:36 p.m.•29 views

K16478: Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369

Security Advisory Description CVE-2014-8159 The InfiniBand IB implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux RHEL 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical...

7.8CVSS7AI score0.00565EPSS
Exploits1
f5
f5
•added 2023/02/21 7:36 p.m.•34 views

K11785283: GnuPG vulnerability CVE-2012-6085

Security Advisory Description The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service application crash via a crafted length field of an OpenPGP...

5.8CVSS6.5AI score0.02912EPSS
Exploits1Affected Software19
f5
f5
•added 2023/02/21 7:36 p.m.•45 views

K11720: Samba server vulnerability CVE-2010-2063

Security Advisory Description Note : Versions that are not listed in this articles have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7.5CVSS8.2AI score0.78702EPSS
Exploits5
f5
f5
•added 2023/02/21 7:35 p.m.•27 views

K9889: NTP vulnerability CVE-2009-0021

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS7.9AI score0.03218EPSS
Exploits0
f5
f5
•added 2023/02/21 7:35 p.m.•54 views

K47098834: glibc vulnerability CVE-2015-7547

Security Advisory Description Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS...

8.1CVSS8.5AI score0.89557EPSS
Exploits17Affected Software9
f5
f5
•added 2023/02/21 7:35 p.m.•48 views

K8578: Security Advisory: BIND buffer overflow in inet_network CVE-2008-0122

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.6AI score0.123EPSS
Exploits1
f5
f5
•added 2023/02/21 7:34 p.m.•37 views

K94105604: Linux kernel vulnerability CVE-2015-7872

Security Advisory Description The keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service OOPS via crafted keyctl commands. CVE-2015-7872 Impact A local user may be able to cause a denial-of-service DoS attack on the system ...

2.1CVSS6AI score0.00508EPSS
Exploits0Affected Software23
f5
f5
•added 2023/02/21 7:34 p.m.•65 views

K52525232: Linux kernel vulnerability CVE-2019-20811

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.6. In rxqueueaddkobject and netdevqueueaddkobject in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. CVE-2019-20811 Impact A local attacker may cause a denial-of-service DoS attack...

5.5CVSS6.7AI score0.00443EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:34 p.m.•18 views

K3277: mod_ssl and ssl_log vulnerability VU#303448

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

7.1AI score
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•110 views

K14161: OpenSSH vulnerability CVE-2007-4752

Security Advisory Description When OpenSSH prior to version 4.7 fails to generate an untrusted cookie, it falls back to create a trusted X11 authentication cookie instead. As a result, attackers may be able to launch an unauthorized forwarded X11 session through SSH. Impact None. F5 products do n...

8AI score
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•33 views

K14154: SQL injection vulnerability from an authenticated source CVE-2012-3000

Security Advisory Description An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system. Impact An attacker may be able to exploit the vulnerability and retrieve arbitrary files or...

7.2AI score
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•92 views

K13660: BIND vulnerability CVE-2012-1667

Security Advisory Description Description ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial-of-servi...

8.5CVSS7.2AI score0.13405EPSS
Exploits1Affected Software9
f5
f5
•added 2023/02/21 7:34 p.m.•34 views

K14138: XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Security Advisory Description An XML External Entity Injection XXE vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system. Impact An attacker may be able to exploit the...

7.2AI score
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•19 views

K8700: Remote web service buffer overflow vulnerability

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7AI score
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•29 views

K8921: Linux kernel vulnerability CVE-2007-3740

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

4.4CVSS6.2AI score0.0038EPSS
Exploits0
f5
f5
•added 2023/02/21 7:34 p.m.•42 views

K15220: iControl vulnerability CVE-2014-2928

Security Advisory Description The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 throu...

7.1CVSS7.3AI score0.3905EPSS
Exploits8Affected Software17
f5
f5
•added 2023/02/21 7:34 p.m.•38 views

K30502720: Apache Tomcat vulnerability CVE-2021-41079

Security Advisory Description Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop...

7.5CVSS7.5AI score0.07182EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•34 views

K3369: TCP reassembly queue vulnerability CAN-2004-0171

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

5CVSS6.4AI score0.03169EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•45 views

K28507582: PHP vulnerability CVE-2017-12933

Security Advisory Description The finishnesteddata function in ext/standard/varunserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the...

9.8CVSS7.5AI score0.0694EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•56 views

K15935: NTP vulnerability CVE-2014-9294

Security Advisory Description util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2014-9294 Impact Theoretically, a remote attacker can determine a weak...

7.5CVSS7.6AI score0.12978EPSS
Exploits1Affected Software18
f5
f5
•added 2023/02/21 7:33 p.m.•33 views

K15928: Network Time Protocol vulnerability CVE-2009-1252

Security Advisory Description Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...

6.8CVSS7.3AI score0.21123EPSS
Exploits1
f5
f5
•added 2023/02/21 7:33 p.m.•40 views

K15922322: MySQL vulnerability CVE-2016-8288

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. CVE-2016-8288 Impact There is no impact; F5 products are not affected by this...

4.9CVSS5.1AI score0.01619EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K15903: Multiple PHP vulnerabilities

Security Advisory Description Description CVE-2012-3365 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors. CVE-2012-2329 Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4...

7.5CVSS9.3AI score0.62649EPSS
Exploits21
f5
f5
•added 2023/02/21 7:33 p.m.•29 views

K15911: Linux kernel vulnerabilities CVE-2014-3182 and CVE-2014-3183

Security Advisory Description Description CVE-2014-3182 Array index error in the logidjrawevent function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service invalid kfree via a crafted devi...

6.9CVSS7.2AI score0.00499EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•53 views

K15905: Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720

Security Advisory Description CVE-2009-3560 The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigge...

5CVSS6.8AI score0.27924EPSS
Exploits3Affected Software9
f5
f5
•added 2023/02/21 7:33 p.m.•53 views

K15927: BIND vulnerability CVE-2014-8500

Security Advisory Description ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory consumption and named crash via a large or infinite number of referrals. CVE-2014-8500...

7.8CVSS6.8AI score0.65683EPSS
Exploits0Affected Software2
f5
f5
•added 2023/02/21 7:33 p.m.•267 views

K14229: OpenSSH vulnerability CVE-2007-2768

Security Advisory Description OpenSSH, when using OPIE One-Time Passwords in Everything for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords OTP, a similar...

4.3CVSS8.1AI score0.08654EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K11091514: MySQL vulnerability CVE-2016-5626

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. CVE-2016-5626 Impact There is no impact; F5 products are not affected by this...

6.5CVSS6.4AI score0.06045EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•39 views

K09408132: glibc vulnerability CVE-2011-1659

Security Advisory Description Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a...

5CVSS5AI score0.02856EPSS
Exploits1Affected Software10
f5
f5
•added 2023/02/21 7:33 p.m.•46 views

K94255403: BIG-IP AFM vulnerability CVE-2021-23040

Security Advisory Description A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. CVE-2021-23040 Impact An authenticated attacker can exploit this vulnerability to execute malicious SQL...

8.8CVSS8.7AI score0.00995EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:33 p.m.•48 views

K88162221: The BIG-IP ASM system may not properly perform signature checks on cookies

Security Advisory Description The BIG-IP ASM system may not properly perform signature checks on cookies. This issue occurs when the following condition is met: You have a security policy enabled with cookie scope attack signatures. Impact Cookies containing malicious payload may pass through the...

5.3CVSS5.9AI score0.0158EPSS
Exploits1
f5
f5
•added 2023/02/21 7:33 p.m.•29 views

K92991044: lwresd and bind vulnerability CVE-2016-2775

Security Advisory Description ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service daemon crash via a long request that uses the lightweight resolver protocol...

5.9CVSS6.5AI score0.63346EPSS
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•148 views

K44454157: Expat vulnerability CVE-2022-40674

Security Advisory Description libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 Impact An attacker may be able to use crafted XML to reference previously freed memory, leading to data corruption or the execution of arbitrary code. Security Advisory...

8.1CVSS8AI score0.0176EPSS
Exploits0Affected Software14
f5
f5
•added 2023/02/21 7:33 p.m.•42 views

K15759349: BIG-IP FTP profile vulnerability CVE-2019-6645

Security Advisory Description FTP traffic passing through a virtual server with both an active FTP profile associated and connection mirroring configured may cause the Traffic Management Microkernel TMM to stop responding, causing the configured high availability HA action to be taken...

7.5CVSS7.4AI score0.01348EPSS
Exploits0Affected Software13
f5
f5
•added 2023/02/21 7:33 p.m.•227 views

K10506844: Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

Security Advisory Description CVE-2013-1966 Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. CVE-2013-2115 Apache Struts 2 before 2.3.14.2 allow...

9.3CVSS9.1AI score0.72778EPSS
Exploits12
f5
f5
•added 2023/02/21 7:33 p.m.•21 views

K41515225: BIG-IP SSL connection security exposure

Security Advisory Description On a virtual server configured with both Client SSL and Server SSL profiles, when receiving a TCP FIN midstream in an SSL connection, the BIG-IP system immediately proxies the FIN to the remote host on the peer side. If the remote host on the peer side acknowledges t...

6.6AI score
Exploits0
f5
f5
•added 2023/02/21 7:33 p.m.•53 views

K01324833: NTP vulnerability CVE-2015-8158

Security Advisory Description The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service infinite loop via crafted packets with incorrect values. CVE-2015-8158 Impact When this vulnerability is exploited, an attacke...

5.9CVSS6.7AI score0.07546EPSS
Exploits0Affected Software23
f5
f5
•added 2023/02/21 7:32 p.m.•35 views

K21426934: Multiple elfutils vulnerabilities

Security Advisory Description CVE-2018-16062 dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted file. CVE-2018-16402 libelf/elfend.c in elfutils 0.173 allows remote attackers to...

9.8CVSS7.3AI score0.03691EPSS
Exploits8
f5
f5
•added 2023/02/21 7:32 p.m.•32 views

K5794: Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...

4.6CVSS9.6AI score0.01374EPSS
Exploits2
f5
f5
•added 2023/02/21 7:32 p.m.•75 views

K6878: Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.6CVSS8AI score0.96436EPSS
Exploits20
f5
f5
•added 2023/02/21 7:32 p.m.•38 views

K5725: pam_ldap password policy control vulnerability CAN-2005-2641

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.4AI score
Exploits0
f5
f5
•added 2023/02/21 7:32 p.m.•22 views

K36328238: The BIG-IP DNS system may erroneously display the TSIG key secret in plain text form

Security Advisory Description The BIG-IP DNS system may erroneously display the Transaction Signature TSIG key secret in plain text form. This issue occurs when all of the following conditions are met: You configured a TSIG key in the BIG-IP DNS system. You used one of the following methods to vi...

6.7AI score
Exploits0
f5
f5
•added 2023/02/21 7:32 p.m.•35 views

K15724: OpenSSL vulnerability CVE-2014-3568

Security Advisory Description OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23clnt.c and s23srvr.c. CVE-2014-3568...

4.3CVSS6.4AI score0.13976EPSS
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:32 p.m.•69 views

K15737: Apache vulnerability CVE-2014-3577

Security Advisory Description org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

5.8CVSS6.3AI score0.09149EPSS
Exploits1
f5
f5
•added 2023/02/21 7:32 p.m.•48 views

K15741: Apache Commons HttpClient vulnerability CVE-2012-6153

Security Advisory Description http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

4.3CVSS5.8AI score0.05844EPSS
Exploits0
f5
f5
•added 2023/02/21 7:31 p.m.•35 views

K4447: cURL buffer overflow vulnerability CAN-2005-0490

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

8.8CVSS7.9AI score0.05732EPSS
Exploits0
f5
f5
•added 2023/02/21 7:31 p.m.•60 views

K16352: Multiple OpenJDK vulnerabilities

Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2014-6601...

10CVSS6.8AI score0.67234EPSS
Exploits5
f5
f5
•added 2023/02/21 7:31 p.m.•28 views

K16337: OpenSSL vulnerability CVE-2009-5146

Security Advisory Description A vulnerability, which was classified as problematic, was found in OpenSSL 0.9.8. This affects an unknown function of the component Hostname TLS Extension. The manipulation with an unknown input leads to a information disclosure vulnerability memory leak. CVE-2009-51...

6.7AI score
Exploits0Affected Software1
f5
f5
•added 2023/02/21 7:31 p.m.•35 views

K16341: Linux kernel Controller Area Network (CAN) vulnerability CVE-2010-2959

Security Advisory Description Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of...

7.2CVSS8AI score0.03746EPSS
Exploits6Affected Software1
Total number of security vulnerabilities6417