Lucene search
K

6413 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.17 views

K15730: OpenSSH vulnerability

Security Advisory Description The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-she...

6CVSS7.8AI score0.0267EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.31 views

K15722: OpenSSL DTLS SRTP Memory Leak CVE-2014-3513

Security Advisory Description A flaw in the DTLS SRTP extension parsing code allows an attacker, who ends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial of Service attack. This issue affects...

7.1CVSS7.3AI score0.37072EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.44 views

K89096577: LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784

Security Advisory Description CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tifpixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by...

8.8CVSS8.6AI score0.04653EPSS
Exploits1Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.37 views

K8837: OpenSSL DTLS off-by-one error - CVE-2007-4995

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

9.3CVSS8.5AI score0.11164EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.39 views

K43322910: Linux kernel vulnerability CVE-2017-6135

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory OOM...

7.8CVSS7.7AI score0.01637EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.13 views

K21485342: Configuration utility CSRF vulnerability

Security Advisory Description When an authenticated Configuration utility user visits a specially crafted web page, the user's current session can be logged out and unknowingly logged in to the Configuration utility using a different user account. Impact When exploited, the authenticated...

6.5AI score
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.33 views

K36361684: Apache Thrift vulnerability CVE-2018-1320

Security Advisory Description Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled i...

7.5CVSS7.2AI score0.08188EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.50 views

K37155600: BIG-IP RTSP profile vulnerability CVE-2022-28691

Security Advisory Description When a Real Time Streaming Protocol RTSP profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel TMM resource utilization. CVE-2022-28691 Impact System performance can degrade until the process is either...

7.5CVSS7.3AI score0.00868EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.28 views

K45212738: SNMP vulnerability CVE-2019-20892

Security Advisory Description net-snmp before 5.8.1.pre1 has a double free in usmfreeusmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release...

6.5CVSS7.3AI score0.02315EPSS
Exploits1Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.68 views

K02553911: Java vulnerabilities CVE-2020-14556, CVE-2020-14583, and CVE-2020-14664

Security Advisory Description CVE-2020-14556 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticate...

8.3CVSS6.3AI score0.04245EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.32 views

K23520761: BIG-IP ASM and BIG-IP AFM/BIG-IP Analytics vulnerability CVE-2018-5505

Security Advisory Description On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these modules AFM/AVR are provisioned, the Traffic Management Microkernel TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is se...

5.9CVSS6.1AI score0.02126EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.83 views

K45164470: Linux kernel vulnerability CVE-2022-36946

Security Advisory Description nfqnlmangle in net/netfilter/nfnetlinkqueue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service panic because, in the case of an nfqueue verdict with a one-byte nftapayload attribute, an skbpull can encounter a negative skb-len...

7.5CVSS6.3AI score0.05542EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.73 views

K80996302: Multiple NTP vulnerabilities

Security Advisory Description CVE-2016-7427 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service reject broadcast mode packets via a crafted broadcast mode packet. CVE-2016-7428 ntpd in NTP before 4.2.8p9 allows remo...

7.5CVSS6.4AI score0.31192EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.17 views

K1518: Multiple SSH1 vulnerabilities - CA-2001-35

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

6.9AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.67 views

K14445: Linux kernel vulnerability CVE-2013-2094

Security Advisory Description The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type. CVE-2013-2094 Impact Local users may be able to gain privileges through a crafted perfeventopen system call. Security Advisory Status F5 Product...

8.4CVSS7.6AI score0.47709EPSS
Exploits15Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 7:6 p.m.31 views

K17524: NTP vulnerability CVE-2015-7854

Security Advisory Description Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file. CVE-2015-7854 Impact...

8.8CVSS8.2AI score0.1456EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.33 views

K15172: BIND vulnerability CVE-2010-3762

Security Advisory Description Description ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...

4.3CVSS6.8AI score0.08086EPSS
Exploits0Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.45 views

K10550253: ImageMagick vulnerability CVE-2016-3715

Security Advisory Description The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting...

5.8CVSS6.3AI score0.75383EPSS
Exploits5Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.27 views

K42875540: Enterprise Monitor component of Oracle MySQL vulnerability CVE-2016-5590

Security Advisory Description Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL subcomponent: Monitoring: Agent. Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to...

7.2CVSS6.8AI score0.02028EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.39 views

K17248: OpenSSL vulnerability CVE-2010-0742

Security Advisory Description The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or...

7.5CVSS8.3AI score0.07834EPSS
Exploits2Affected Software9
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.78 views

K17267: XSS vulnerability in Apache CVE-2002-0840

Security Advisory Description Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the...

6.8CVSS6.4AI score0.94006EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.41 views

K17254: NTP-keygen vulnerability CVE-2015-3405

Security Advisory Description flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. CVE-2015-3405 - pending Impact There...

7.5CVSS7.6AI score0.05292EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.36 views

K17251: Apache vulnerability CVE-2015-3183

Security Advisory Description The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values...

5CVSS6.3AI score0.73327EPSS
Exploits0Affected Software20
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.158 views

K17247: PHP vulnerability CVE-2015-1351

Security Advisory Description Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-1351 Impact...

7.5CVSS7.9AI score0.08646EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.37 views

K13598: OpenSSL vulnerability CVE-2012-0884

Security Advisory Description The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data using a Million Message Attack M...

8.4AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.77 views

K13588: PHP vulnerability CVE-2011-4885

Security Advisory Description PHP versions prior to 5.3.9 compute hash values for form parameters without restricting the ability to trigger hash collisions predictably, which may allow remote attackers to cause a denial of service DoS CPU consumption by sending many crafted parameters...

5CVSS9.3AI score0.83911EPSS
Exploits15Affected Software9
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.54 views

K81903701: Libpng vulnerability CVE-2015-8472

Security Advisory Description Buffer overflow in the pngsetPLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service application crash or possibly have...

7.5CVSS8.6AI score0.06054EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.34 views

K05013313: IPsec vulnerability CVE-2015-4047

Security Advisory Description racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service NULL pointer dereference and IKE daemon crash via a series of crafted UDP requests. CVE-2015-4047 Impact When this vulnerability is exploited, the remote attacker may be able us...

7.8CVSS7.3AI score0.09877EPSS
Exploits1Affected Software21
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.59 views

K34341852: Apache Tomcat 6.x vulnerability CVE-2015-5345

Security Advisory Description The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via...

5.3CVSS6.8AI score0.1838EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2023/02/21 7:5 p.m.45 views

K34958244: PHP vulnerability CVE-2016-3074

Security Advisory Description Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. CVE-2016-3074 Impa...

9.8CVSS9.3AI score0.36974EPSS
Exploits8Affected Software7
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.61 views

K6623: OpenSSL signature vulnerability - CVE-2006-4339

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

4.3CVSS7.7AI score0.04894EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.43 views

K11270891: Multiple Intel Linux Wi-Fi Drivers vulnerabilities CVE-2020-12313, CVE-2020-12317, CVE-2020-12319, CVE-2017-13080

Security Advisory Description CVE-2020-12313 Insufficient control flow management in some IntelR PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12317 Improper buffer restriction in...

8.8CVSS7.6AI score0.02285EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.44 views

K05918709: PHP vulnerability CVE-2016-7479

Security Advisory Description In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. CVE-2016-7479 Impact There is no impact; F5...

9.8CVSS9.3AI score0.41943EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.39 views

K08421805: GStreamer vulnerability CVE-2016-9635

Security Advisory Description Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash by providing a skip count that goes...

9.8CVSS9.3AI score0.09267EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.25 views

K16558: Linux kernel vulnerability CVE-2014-8884

Security Advisory Description Stack-based buffer overflow in the ttusbdecfedvbsdiseqcsendmastercmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service system crash or possibly gain privileges via a large message...

6.1CVSS6.8AI score0.00638EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.37 views

K25552364: GNU C Library vulnerability CVE-2015-8985

Security Advisory Description The popfailstack function in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial of service assertion failure and application crash via vectors related to extended regular expression processing. CVE-2015-8985 Impact This...

5.9CVSS7.3AI score0.03001EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.31 views

K16827: Apache Struts vulnerability CVE-2015-1831

Security Advisory Description Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...

7.5CVSS6.5AI score0.06312EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.168 views

K15159: OpenSSL vulnerability CVE-2014-0160

Security Advisory Description The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as...

7.5CVSS8.6AI score0.99999EPSS
Exploits88Affected Software11
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.46 views

K16837: tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155

Security Advisory Description Description CVE-2015-0261 Integer signedness error in the mobilityoptprint function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash or possibly execute arbitrary code via a negativ...

7.5CVSS8.7AI score0.19028EPSS
Exploits5Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.18 views

K16838: XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities CVE-2015-1470

Security Advisory Description Using the BIGIPAuthUsernameCookie value with/tmui/login.jsp can expose a cross-site scripting XSS security flaw. CVE-2015-1470 Impact Some login.jsp parameters may allow an attacker to bypass XSS protection mechanisms by using a crafted cookie. Security Advisory Stat...

5.4AI score
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.26 views

K15131: BIND vulnerability CVE-2010-0218

Security Advisory Description ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired RD queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. CVE-2010-0218 Impact None. No F5 products are...

5CVSS6.4AI score0.03572EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.30 views

K15366: OpenSSL DTLS vulnerability CVE-2009-1377

Security Advisory Description Description The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS...

5CVSS7.8AI score0.11274EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.44 views

K15356: OpenSSL vulnerability CVE-2014-0195

Security Advisory Description The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denia...

6.8CVSS8.6AI score0.99977EPSS
Exploits4Affected Software18
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.27 views

K15355: OpenSSL DTLS Buffer vulnerability CVE-2009-1379

Security Advisory Description Use-after-free vulnerability in the dtls1retrievebufferedfragment function in ssl/d1both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service openssl sclient crash and possibly have unspecified other impact via a DTLS packet, as demonstrated...

5CVSS8.2AI score0.18241EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.70 views

K61974123: ImageMagick vulnerability CVE-2016-3718

Security Advisory Description The 1 HTTP and 2 FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted image. CVE-2016-3718 Note : This vulnerability is one of the series of vulnerabilities known as...

5.5CVSS6.3AI score0.76897EPSS
Exploits4Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 7:3 p.m.50 views

K4119: Buffer overflow in mod_ssl - CVE-2002-0082

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

7.5CVSS6.4AI score0.29878EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 7:3 p.m.47 views

K25102203: ImageMagick vulnerability CVE-2016-3716

Security Advisory Description The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. CVE-2016-3716 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...

4.3CVSS5.8AI score0.11338EPSS
Exploits5Affected Software10
F5 Networks
F5 Networks
added 2023/02/21 7:3 p.m.115 views

K30914425: Linux vulnerabilities CVE-2022-0330 and CVE-2022-22942

Security Advisory Description CVE-2022-0330 A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...

7.8CVSS6.9AI score0.02579EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:3 p.m.24 views

K3456: RADIUS authentication bypass vulnerability OpenBSD Security Fix #020

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5's security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.7AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:3 p.m.18 views

K8870: OpenSSL Server Name extension Denial of Service VU#661475

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.8AI score
Exploits0
Total number of security vulnerabilities6413