Lucene search
K

6413 matches found

F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•32 views

K05295501: libssh vulnerability CVE-2020-1730

Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...

5.3CVSS6.4AI score0.03065EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•43 views

K63675293: NTP vulnerability CVE-2016-1548

Security Advisory Description An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c wi...

7.2CVSS6.4AI score0.03844EPSS
Exploits3Affected Software24
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•31 views

K41107914: iControl REST vulnerability CVE-2016-9251

Security Advisory Description In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. CVE-2016-9251 Impact An authenticated attacker may be able to cause an escalation of privileges through a crafte...

8.8CVSS8.7AI score0.01514EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•41 views

K84408873: Infinispan vulnerability CVE-2019-10174

Security Advisory Description A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new,...

8.8CVSS7.5AI score0.03089EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•27 views

K79240502: BIG-IP ASM Bot Detection DNS cache does not expire security exposure

Security Advisory Description When BIG-IP ASM Bot Detection is configured, the BIG-IP ASM system performs a reverse DNS lookup to determine if bot traffic classified as legitimate is, in fact, from those services for example, Google. These DNS responses are cached indefinitely until the Traffic...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•28 views

K6535: Denial of service vulnerability in GnuPG - CVE-2006-3082

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.4AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•31 views

K70204455: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2016-0640 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. CVE-2016-0642 Unspecified vulnerability in Oracle MySQL 5.5.48 a...

6.1CVSS5.2AI score0.01802EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•47 views

K48448204: PHP vulnerability CVE-2016-6207

Security Advisory Description Integer overflow in the gdContributionsAlloc function in gdinterpolation.c in GD Graphics Library aka libgd before 2.2.3 allows remote attackers to cause a denial of service out-of-bounds memory write or memory consumption via unspecified vectors. CVE-2016-6207 Impac...

6.5CVSS8AI score0.06256EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:26 p.m.•21 views

K25165813: BIG-IP SSL connection Alert Timeout security exposure

Security Advisory Description The mitigation for K41515225: BIG-IP SSL connection security exposure may not work in all conditions. If after applying the workaround in K41515225: BIG-IP SSL connection security exposure, setting the Alert Timeout to its minimum value of 1 second, you continue to...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•31 views

K2104: Buffer read overflow in DNS resolver libraries - CAN-2002-1146

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

5CVSS6.3AI score0.03279EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•33 views

K17444: libXfont vulnerabilities CVE-2015-1802, CVE-2015-1803, and CVE-2015-1804

Security Advisory Description CVE-2015-1802 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a 1 negative or ...

8.5CVSS6.4AI score0.04923EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•35 views

K17445: Linux kernel vulnerability CVE-2015-4700

Security Advisory Description The bpfintjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service system crash by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT...

4.9CVSS6.2AI score0.00451EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•47 views

K16976: PHP vulnerability CVE-2015-1352

Security Advisory Description The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service. CVE-2015-1352 Impact There is no impact; F5 products are...

5CVSS7.5AI score0.07704EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•56 views

K16950: SQLite vulnerability CVE-2015-3416

Security Advisory Description The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overfl...

7.5CVSS8.4AI score0.05531EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•37 views

K16946: Boost memory allocator vulnerability CVE-2012-2677

Security Advisory Description Integer overflow in the orderedmalloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to ...

5CVSS9AI score0.03889EPSS
Exploits1Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•37 views

K17446: Linux kernel vulnerability CVE-2015-0777

Security Advisory Description drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 aka the Xen 3.4.x support patches for the Linux kernel 2.6.18, as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized...

2.1CVSS6.7AI score0.00413EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•43 views

K17449: Apache Struts 2 vulnerability CVE-2015-5169

Security Advisory Description Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...

6.1CVSS6.3AI score0.07551EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•48 views

K17447: Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730

Security Advisory Description CVE-2014-9728 The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service buffer over-read and system crash via a crafted filesystem image, related to fs/udf/inode.c and...

4.9CVSS6.2AI score0.00451EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•178 views

K17448: OpenSSH vulnerability CVE-2001-1473

Security Advisory Description The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target...

7.5CVSS6.6AI score0.06268EPSS
Exploits0Affected Software19
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•33 views

K89941125: mod_auth_openidc vulnerability CVE-2021-20718

Security Advisory Description modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors. CVE-2021-20718 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...

7.5CVSS7.5AI score0.03395EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•34 views

K82350223: MySQL vulnerabilities CVE-2018-2766, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, and CVE-2018-2775

Security Advisory Description CVE-2018-2766 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...

6.8CVSS6AI score0.03592EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•41 views

K16285: OpenSSL vulnerability CVE-2012-2110

Security Advisory Description The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service memory...

7.5CVSS8.9AI score0.48298EPSS
Exploits8Affected Software13
F5 Networks
F5 Networks
•added 2023/02/21 7:25 p.m.•47 views

K50462644: Linux kernel vulnerability CVE-2016-5343

Security Advisory Description drivers/soc/qcom/qdsp6v2/voicesvc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to cause a denial of service memory corruption or...

9.8CVSS8AI score0.03304EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:9 p.m.•54 views

K17120: Linux kernel vulnerability CVE-2014-8134

Security Advisory Description The paravirtopssetup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirtenabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that rea...

3.3CVSS5.6AI score0.00703EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•56 views

K6919: Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

7.5CVSS6.2AI score0.02204EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•19 views

K6916: Case change in URL host name circumvents Accessibility Scope

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.5AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•27 views

K17218: Libvirt vulnerability CVE-2014-8135

Security Advisory Description The storageVolUpload function in storage/storagedriver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service NULL pointer dereference and daemon crash via a crafted offset value in a "virsh vol-upload"...

2.1CVSS6.5AI score0.00467EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•29 views

K17213: Apache vulnerability CVE-2002-0392

Security Advisory Description Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. CVE-2002-0392 Impact There is no impact; F...

7.5CVSS7.8AI score0.95027EPSS
Exploits8
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•43 views

K16983: PCRE library vulnerability CVE-2015-2325

Security Advisory Description PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compilebranch, the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applicatio...

7.8CVSS8.2AI score0.01575EPSS
Exploits1Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•26 views

K16984: PCRE library vulnerability CVE-2015-2326

Security Advisory Description PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcrecompile2, the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many...

5.5CVSS8.1AI score0.01592EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•53 views

K16442: MIT Kerberos 5 vulnerability CVE-2014-9422

Security Advisory Description The checkrpcsecauth function in kadmin/server/kadmrpcsvc.c in kadmind in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/ authorization check and obtain administrative access...

6.1CVSS8AI score0.02726EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•30 views

K16429: Linux kernel vulnerability CVE-2015-0239

Security Advisory Description The emsysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service guest OS crash by triggering use of a 16-bit code...

4.4CVSS6.5AI score0.00643EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•128 views

K15702: SSLv3 vulnerability CVE-2014-3566

Security Advisory Description A flaw in the design of Secure Socket Layer SSL version 3.0 has been discovered that may allow a network attacker to force a client to negotiate an SSL handshake using SSL version 3.0 ciphers instead of Transport Layer Security TLS version 1.x ciphers. The attacker c...

4.3CVSS6.5AI score0.99999EPSS
Exploits7Affected Software21
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•30 views

K15369: OpenSSL vulnerability CVE-2009-0591

Security Advisory Description The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually...

2.6CVSS9.2AI score0.02735EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•46 views

K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions

Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads 10,000 bytes or larger by default to 100, using the maxconcurrentlongrequest internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...

6.5AI score
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•40 views

K15358: OpenSSL vulnerability CVE-2009-0590

Security Advisory Description The ASN1STRINGprintex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service invalid memory access and application crash via vectors that trigger printing of a 1 BMPString or 2 UniversalString with an invalid encoded length...

5CVSS8.4AI score0.06194EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•20 views

K15350: OpenSSL vulnerability CVE-2008-1672

Security Advisory Description OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service crash via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. CVE-2008-1672 Impact None. No F5 produc...

4.3CVSS7.2AI score0.05EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•33 views

K15300: Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438

Security Advisory Description The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE...

5CVSS7.2AI score0.26831EPSS
Exploits2Affected Software1
F5 Networks
F5 Networks
•added 2023/02/21 7:8 p.m.•33 views

K30150004: The attack signature check may fail to detect and block malicious requests

Security Advisory Description The web application firewall attack signature check may fail to detect and block malicious request containing certain decimal-coded characters. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall...

6.6AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•61 views

K72813580: glibc vulnerabilities CVE-2017-1000408 and CVE-2017-1000409

Security Advisory Description CVE-2017-1000408 A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LDHWCAPMASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-100040...

7.8CVSS7.5AI score0.0145EPSS
Exploits6
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•19 views

K6365: Multiple DNS vulnerabilities VU#955777

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

7.1AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•38 views

K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5CVSS6.9AI score0.19058EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•41 views

K14410: Multiple MySQL vulnerabilities

Security Advisory Description For BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service DoS: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101...

5.5CVSS5.3AI score0.03309EPSS
Exploits0Affected Software7
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•45 views

K51591999: Multiple Java vulnerabilities CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14593

Security Advisory Description CVE-2020-14562 Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...

7.4CVSS5.7AI score0.05166EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•81 views

K48131150: Linux kernel vulnerability CVE-2019-19065

Security Advisory Description A memory leak in the sdmainit function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service memory consumption by triggering rhashtableinit failures, aka CID-34b3be18a04e. CVE-2019-19065 Impact There is n...

4.7CVSS6AI score0.00491EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:7 p.m.•44 views

K4532: gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

7.2AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:6 p.m.•45 views

K8108: OpenSSL vulnerability CVE-2007-3108

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

1.2CVSS7.4AI score0.00409EPSS
Exploits1
F5 Networks
F5 Networks
•added 2023/02/21 7:6 p.m.•65 views

K8106: OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

6.8CVSS7.8AI score0.16061EPSS
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:6 p.m.•18 views

K2452: Vulnerabilities in the HTTP TRACE method - VU#867593

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.4AI score
Exploits0
F5 Networks
F5 Networks
•added 2023/02/21 7:6 p.m.•25 views

K16196: MCPQ vulnerability CVE-2014-6031

Security Advisory Description MCPQ has been found to suffer from a remote buffer overflow vulnerability. The vulnerability is available to authenticated administrative users only. CVE-2014-6031 Impact Exploitation of these vulnerabilities may allow a malicious, authenticated user to cause a...

4.9CVSS5.4AI score0.01073EPSS
Exploits0Affected Software14
Total number of security vulnerabilities6413