Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•51 views

K16123: OpenSSL vulnerability CVE-2014-3571

Security Advisory Description OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake...

5CVSS7.1AI score0.22964EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•39 views

K15784: Kerberos vulnerability CVE-2013-1418

Security Advisory Description The setupserverrealm function in main.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted...

4.3CVSS6.8AI score0.05508EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•40 views

K15785: Kerberos vulnerability CVE-2013-6800

Security Advisory Description An unspecified third-party database module for the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.10.x allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash via a crafted request, a different vulnerability...

4CVSS6.8AI score0.02608EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•43 views

K15732: Linux kernel vulnerability CVE-2013-0311

Security Advisory Description Description The translatedesc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging Kernel-base Virtual Machine KVM guest OS privilege...

6.5CVSS7AI score0.00644EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•29 views

K15743: BIND vulnerability CVE-2011-2465

Security Advisory Description Description Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone RPZ contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service named daemon crash via...

2.6CVSS6.5AI score0.0888EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•30 views

K15742: Linux kernel vulnerabilities CVE-2014-6416, CVE-2014-6417, and CVE-2014-6418

Security Advisory Description CVE-2014-6416 Buffer overflow in net/ceph/authx.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service memory corruption and panic or possibly have unspecified other impact via a long unencrypted auth ticket...

7.8CVSS6.7AI score0.06167EPSS
Exploits3
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•35 views

K15723: OpenSSL vulnerability CVE-2014-3567

Security Advisory Description Description Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an...

7.1CVSS7.4AI score0.23598EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•44 views

K15721: GnuTLS vulnerability CVE-2013-1619

Security Advisory Description The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to...

4CVSS6.8AI score0.0644EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•16 views

K2178: Multiple BIND vulnerabilities - CA-2002-31

Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...

6.8AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•25 views

K9913: Apache Tomcat vulnerability - CVE-2008-4308

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

2.6CVSS4.7AI score0.03914EPSS
Exploits2
F5 Networks
F5 Networks
•added 2023/02/21 7:29 p.m.•52 views

K62012529: BIND vulnerability CVE-2016-1286

Security Advisory Description named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 Impact An attacke...

8.6CVSS7.1AI score0.621EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•116 views

K39103040: Kernel vulnerability CVE-2018-18955

Security Advisory Description In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAPSYSADMIN in an affected user namespace can bypas...

7CVSS6.8AI score0.07611EPSS
Exploits24
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•61 views

K8939: SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS6.7AI score0.6879EPSS
Exploits7
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•68 views

K30404955: Linux kernel vulnerability CVE-2019-5489

Security Advisory Description The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of...

5.5CVSS6.3AI score0.00774EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•63 views

K16392: NTP vulnerability CVE-2014-9750

Security Advisory Description The vallen packet value is not validated in several code paths in ntpcrypto.c which can lead to information leakage or a possible crash of ntpd. CVE-2014-9750 Note : The original candidate number referenced in this article, CVE-2014-9297, was rejected because it was...

5.8CVSS7.3AI score0.06135EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•33 views

K16398: Python vulnerability CVE-2006-4980

Security Advisory Description Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVE-2006-4980 Impact...

7.5CVSS7.7AI score0.05195EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•45 views

K16385: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2013-5894 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-5881 Unspecified vulnerability in the MySQL Server...

6.8CVSS5.8AI score0.03786EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•44 views

K16389: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecifie...

4CVSS5.7AI score0.0467EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•52 views

K15900: Apache HTTP server vulnerability CVE-2012-3499

Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modlda...

4.3CVSS7.7AI score0.22913EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•32 views

K15461: OpenSSL vulnerability CVE-2011-4619

Security Advisory Description The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors. CVE-2011-4619 Impact This...

5CVSS8.5AI score0.16645EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•16 views

K15460: OpenSSL Vulnerability CVE-2011-4109

Security Advisory Description Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509VFLAGPOLICYCHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. CVE-2011-4109 Impact This vulnerability could allow a remote attacker to...

9.3CVSS8.9AI score0.17687EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•29 views

K15428: Apache Tomcat vulnerability CVE-2014-0096

Security Advisory Description java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and...

4.3CVSS6.9AI score0.06905EPSS
Exploits0Affected Software15
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•32 views

K15160: GnuTLS vulnerability CVE-2014-0092

Security Advisory Description lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-0092 Impact...

5.8CVSS6.6AI score0.29958EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•25 views

K15427: OpenSSL vulnerability CVE-2011-4354

Security Advisory Description crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST...

5.8CVSS6.6AI score0.04044EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•31 views

K15405: OpenSSL 0.9.8l vulnerability CVE-2009-4355

Security Advisory Description Memory leak in the zlibstatefulfinish function in crypto/comp/czlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service memory consumption via vectors that trigger incorrect calls to the...

5CVSS7.9AI score0.08941EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•133 views

K15406: HTTP cookie vulnerability CVE-2004-0462

Security Advisory Description The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 Impact A...

2.1CVSS6.3AI score0.00433EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:28 p.m.•81 views

K14638: TLS/SSL RC4 vulnerability CVE-2013-2566

Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same...

5.9CVSS7.5AI score0.84424EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•57 views

K60570139: Rowhammer hardware vulnerability CVE-2020-10255

Security Advisory Description Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain...

9.3CVSS8.9AI score0.02515EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•46 views

K65271605: NTP vulnerability CVE-2016-1549

Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...

6.5CVSS6.5AI score0.03147EPSS
Exploits1Affected Software22
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•40 views

K17453: Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Security Advisory Description CVE-2015-0248 The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revisi...

5CVSS7.3AI score0.12841EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•40 views

K15885: GNU C Library vulnerability CVE-2011-1071

Security Advisory Description The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension...

5.1CVSS5.8AI score0.14323EPSS
Exploits1Affected Software11
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•39 views

K12650: PHP vulnerability CVE-2010-4645

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

5CVSS9AI score0.15103EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•65 views

K62442245: Kernel vulnerability CVE-2016-6828

Security Advisory Description The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service tcpxmitretransmitqueue use-after-free and system crash vi...

5.5CVSS6AI score0.01181EPSS
Exploits5Affected Software23
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•35 views

K45263486: NGINX Controller vulnerability CVE-2021-23020

Security Advisory Description The NAAS API keys are generated using an insecure pseudo-random string and hashing algorithm, which may lead to predictable keys. CVE-2021-23020 Impact Local attackers are able to potentially generate a valid user key. Security Advisory Status F5 Product Development...

5.5CVSS5.5AI score0.00255EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•31 views

K11503: BIND 9 vulnerability CVE-2009-0265

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5's security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

7.5CVSS7.7AI score0.02474EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•59 views

K8077: BIND 8 vulnerability CVE-2007-2930

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

4.3CVSS6.5AI score0.07585EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•99 views

K8072: Obtaining uptime information from TCP timestamps

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.2AI score
Exploits0Affected Software9
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•34 views

K73761475: MySQL Memcached vulnerability CVE-2017-3633

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

6.5CVSS6.2AI score0.02952EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•39 views

K3279: Heap-based buffer overflow in mod_proxy - CAN-2004-0492

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

10CVSS7.8AI score0.33639EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:27 p.m.•42 views

K3284: Buffer overflows in stub resolver libraries - CAN-2002-0029

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

8.8AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•36 views

K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions

Security Advisory Description This issue occurs the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled Allow or Require for processing SMTPS traffic. Impact When system receives these SMTP...

7AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•305 views

K23022557: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP

Security Advisory Description The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query on a CNAME wide IP. This issue occurs when all of the following conditions are met: The BIG-IP system is configured with a CNAME wide IP. For example: test.example.com The BIG-IP syst...

5.3CVSS6.1AI score0.0158EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•40 views

K1907: mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.4AI score0.29878EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•14 views

K13656: FirePass SQL injection vulnerability

Security Advisory Description Description F5 has identified a possible SQL injection vulnerability for the FirePass controller. The FirePass controller may not perform adequate user input validation on particular fields. Impact An unauthenticated attacker may be able to exploit the vulnerability ...

7.8AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•49 views

K88124225: libpng vulnerability CVE-2017-12652

Security Advisory Description libpng before 1.6.32 does not properly check the length of chunks against the user limit. CVE-2017-12652 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently support...

9.8CVSS6.6AI score0.04113EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•44 views

K8186: Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

4.3CVSS7.4AI score0.46603EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•47 views

K60001344: Linux kernel vulnerability CVE-2019-19056

Security Advisory Description A memory leak in the mwifiexpciealloccmdrspbuf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-db8fd2cde932...

4.7CVSS6.1AI score0.00387EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•52 views

K49440205: Linux kernel vulnerability CVE-2021-38300

Security Advisory Description arch/mips/net/bpfjit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB...

7.8CVSS6.9AI score0.00621EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•23 views

K13044333: MySQL Server Optimizer vulnerability CVE-2022-21437

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.9CVSS5.1AI score0.0134EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•40 views

K12915342: Linux kernel vulnerability CVE-2018-14625

Security Advisory Description A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte informatio...

7CVSS6.2AI score0.00333EPSS
Exploits0
Total number of security vulnerabilities6413