Lucene search
K

6389 matches found

F5 Networks
F5 Networks
•added 2025/12/31 6:10 a.m.•7 views

K000158953: Linux kernel vulnerability CVE-2025-39702

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. CVE-2025-39702 Impact There is no...

7CVSS6.3AI score0.00149EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/31 5:49 a.m.•7 views

K000158952: Intel UEFI vulnerability CVE-2025-35968

Security Advisory Description Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This resul...

7.1CVSS6.8AI score0.00113EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/22 12:27 a.m.•18 views

K000158882: Intel UEFI firmware vulnerability CVE-2024-31155

Security Advisory Description Improper buffer restrictions in the UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-31155 Impact There is no impact; F5 products are not affected by this vulnerability...

8.7CVSS6.9AI score0.00193EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/22 12:11 a.m.•10 views

K000158881: Intel Xeon processor vulnerability CVE-2025-20053

Security Advisory Description Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Impact There is no impact; F5 products are not affected by this...

7.2CVSS6.8AI score0.00143EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/19 12:10 p.m.•10 views

K000158857: SQLite vulnerability CVE-2025-52099

Security Advisory Description Rejected Reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been remove...

6.5AI score0.00047EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/18 11:30 p.m.•8 views

K000158850: PCIe IDE protocol specification vulnerabilities CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614

Security Advisory Description CVE-2025-9612 An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without...

6.5CVSS7.5AI score0.00205EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/17 2:56 p.m.•12 views

K000158176: NGINX Ingress Controller vulnerability CVE-2025-14727

Security Advisory Description A vulnerability exists in the NGINX Ingress Controller nginx . org/rewrite-target annotation validation. CVE-2025-14727 Note : Support for path rewrites using the nginx . org/rewrite-target annotation was added in NGINX Ingress Controller version 5.3.0. For more...

8.7CVSS6.6AI score0.00373EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2025/12/15 5:20 p.m.•7 views

K000158206: Apache HTTP Server vulnerability CVE-2025-66200

Security Advisory Description moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7...

5.4CVSS6.5AI score0.00591EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/15 4:7 a.m.•10 views

K000158199: LibTIFF vulnerability CVE-2023-52355

Security Advisory Description An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64 API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. CVE-2023-52355...

7.5CVSS6AI score0.01725EPSS
Exploits1
F5 Networks
F5 Networks
•added 2025/12/15 4:2 a.m.•7 views

K000158198: Linux Kernel vulnerability CVE-2025-38718

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. CVE-2025-38718 Impact The...

7.8CVSS5.5AI score0.00151EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/15 3:58 a.m.•12 views

K000158197: Linux Kernel vulnerability CVE-2022-50406

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback. CVE-2022-50406 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

7.8CVSS5.6AI score0.00152EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/12 2:44 p.m.•8 views

K000158185: glibc vulnerability CVE-2024-33599

Security Advisory Description nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in...

8.1CVSS7.2AI score0.0131EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/11 10:31 p.m.•16 views

K000158155: React framework vulnerability CVE-2025-55183

Security Advisory Description An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and...

5.3CVSS5.8AI score0.62405EPSS
Exploits7
F5 Networks
F5 Networks
•added 2025/12/11 9:53 p.m.•17 views

K000158154: React framework vulnerability CVE-2025-55184

Security Advisory Description A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and...

7.5CVSS5.8AI score0.65592EPSS
Exploits10
F5 Networks
F5 Networks
•added 2025/12/10 6:7 a.m.•10 views

K000158136: Linux kernel vulnerabilities CVE-2023-53232 and CVE-2023-53257

Security Advisory Description CVE-2023-53232 In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit...

7.8CVSS5.4AI score0.00149EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/09 6:48 p.m.•8 views

K000158128: SQLite vulnerability CVE-2025-6965

Security Advisory Description There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Impact There...

7.7CVSS7.1AI score0.73495EPSS
Exploits3
F5 Networks
F5 Networks
•added 2025/12/09 6:22 p.m.•6 views

K000158127: Linux kernel vulnerability CVE-2023-53354

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in...

5.5CVSS5.2AI score0.00177EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/09 5:55 p.m.•6 views

K000158126: Linux kernel vulnerability CVE-2023-53331

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a "pstore/ram: Do not treat empty buffers as valid", initialization would assume a prz was valid after seeing that the...

7.8CVSS5.5AI score0.00147EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/09 5:49 p.m.•8 views

K000158112: iputils vulnerability CVE-2025-47268

Security Advisory Description ping in iputils before 20250602 allows a denial of service application error or incorrect data collection via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. CVE-2025-47268 Impact A malicious, authenticated...

6.5CVSS6.9AI score0.01455EPSS
Exploits1Affected Software14
F5 Networks
F5 Networks
•added 2025/12/09 3:43 p.m.•6 views

K000158115: Expat vulnerability CVE-2025-59375

Security Advisory Description libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

7.5CVSS5.7AI score0.01279EPSS
Exploits1
F5 Networks
F5 Networks
•added 2025/12/09 7:38 a.m.•9 views

K000158118: PostgreSQL vulnerabilities CVE-2025-8713, CVE-2025-8715

Security Advisory Description CVE-2025-8713 PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables...

8.8CVSS8AI score0.00385EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/04 3:55 a.m.•10 views

K000158069: LibTIFF vulnerability CVE-2023-6277

Security Advisory Description An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. CVE-2023-6277 Impact There is no impact; F5 products are not affected by...

6.5CVSS7AI score0.01825EPSS
Exploits1
F5 Networks
F5 Networks
•added 2025/12/03 6:17 p.m.•13 views

K000158059: Next.js vulnerability CVE-2025-66478

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority CNA. This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2025-66478 Impact There is no impact; F5 products are not affected by this...

7.2AI score
Exploits111
F5 Networks
F5 Networks
•added 2025/12/03 5:16 p.m.•11 views

K000158050: SQLite vulnerability CVE-2019-8457

Security Advisory Description SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVE-2019-8457 Impact This vulnerability allows a remote, low-privileged user to trigger a heap out-of-bounds read in the...

9.8CVSS8.4AI score0.45426EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
•added 2025/12/03 5:6 p.m.•18 views

K000158058: React framework vulnerability CVE-2025-55182

Security Advisory Description A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable...

10CVSS7.7AI score0.99562EPSS
Exploits374
F5 Networks
F5 Networks
•added 2025/12/03 4:52 p.m.•9 views

K000158042: Apache HTTP server vulnerabilities CVE-2024-47252 and CVE-2025-49812

Security Advisory Description CVE-2024-47252 Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/Transport Layer Security TLS client to insert escape characters into log files in some configurations. In a logging configuration whe...

7.5CVSS7.8AI score0.00669EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2025/12/03 6:10 a.m.•6 views

K000158049: GnuTLS vulnerability CVE-2024-0567

Security Advisory Description A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or...

7.5CVSS6.4AI score0.01408EPSS
Exploits1
F5 Networks
F5 Networks
•added 2025/12/03 5:59 a.m.•9 views

K000158048: LibTIFF vulnerability CVE-2023-52356

Security Advisory Description A segment fault SEGV flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356 Impact There is no...

7.5CVSS6.6AI score0.02187EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/03 5:56 a.m.•13 views

K000158047: Samba vulnerability CVE-2025-9640

Security Advisory Description A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information...

4.3CVSS5.7AI score0.00431EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/02 6:41 p.m.•9 views

K000158037: Linux kernel (brcmfmac) vulnerability CVE-2022-50408

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit ret = brcmfprototxqueuedatadrvr, ifp-ifidx, skb; may be schedule, and then complete before the line ndev-stats.txbytes += skb-len;...

7.8CVSS5.4AI score0.0015EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/02 8:19 a.m.•11 views

K000158030: gnuplot vulnerability CVE-2020-25969

Security Advisory Description gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest. CVE-2020-25969 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported...

9.8CVSS6.9AI score0.01021EPSS
Exploits1
F5 Networks
F5 Networks
•added 2025/12/01 10:42 p.m.•9 views

K000158021: Linux kernel (brcmfmac) vulnerability CVE-2023-53213

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a U...

7.1CVSS5.9AI score0.00152EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/01 5:50 p.m.•8 views

K000158023: Linux kernel (nfs) vulnerability CVE-2025-39697

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from...

4.7CVSS5.3AI score0.00132EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/01 5:40 p.m.•10 views

K000158022: Linux kernel vulnerability CVE-2023-53226

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiexprocessmgmtpacket, mwifiexprocessstarxpacket and mwifiexprocessuaprxpacket, mwifiexuapqueuebridgedpkt and...

5.5CVSS5.2AI score0.00149EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/01 5:29 p.m.•6 views

K000158020: Linux kernel (nfs) vulnerability CVE-2025-38571

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instea...

5.5CVSS6.5AI score0.00146EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/12/01 5:23 p.m.•10 views

K000158019: Linux kernel (nfs) vulnerability CVE-2025-38566

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS...

7.5CVSS6.5AI score0.00528EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/28 6:9 a.m.•11 views

K000158001: Linux kernel vulnerability CVE-2023-53185

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for...

5.5CVSS5.3AI score0.00149EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/26 8:58 p.m.•12 views

K000157991: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE-2023-0802...

6.8CVSS7AI score0.00435EPSS
Exploits9
F5 Networks
F5 Networks
•added 2025/11/26 8:58 p.m.•9 views

K000157990: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based...

6.8CVSS8.2AI score0.01131EPSS
Exploits6
F5 Networks
F5 Networks
•added 2025/11/26 8:54 p.m.•10 views

K000157988: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2022-3570 Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosur...

7.7CVSS6.8AI score0.0125EPSS
Exploits7
F5 Networks
F5 Networks
•added 2025/11/26 8:54 p.m.•8 views

K000157989: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2016-9453 The t2preadwritepdfimagetile function in LibTIFF allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a JPEG file with a TIFFTAGJPEGTABLES of length one. CVE-2016-5323 The...

8.8CVSS7.9AI score0.05789EPSS
Exploits3
F5 Networks
F5 Networks
•added 2025/11/26 8:50 p.m.•9 views

K000157986: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2016-9532 Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service out-of-bounds read via a crafted tif file. CVE-2016-5322 The setByteArray function in tifdir.c in...

9.1CVSS7.3AI score0.04837EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/26 8:47 p.m.•9 views

K000157987: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential...

7.1CVSS7.2AI score0.01542EPSS
Exploits9
F5 Networks
F5 Networks
•added 2025/11/26 8:34 p.m.•12 views

K000157985: LibTIFF vulnerabilities CVE-2020-35522, CVE-2020-35521, CVE-2020-35524, and CVE-2020-35523

Security Advisory Description CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. CVE-2020-35521 A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a...

7.8CVSS7.9AI score0.01922EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/26 8:32 p.m.•10 views

K000157984: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2012-4564 ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory...

8.8CVSS8AI score0.13521EPSS
Exploits4
F5 Networks
F5 Networks
•added 2025/11/25 5:31 p.m.•9 views

K000157965: Linux Kernel vulnerability CVE-2022-48701

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in sndusbparseaudiointerface There may be a bad USB audio device with a USB ID of 0x04fa, 0x4201 and the number of it's interfaces less than 4, an...

7.1CVSS5.3AI score0.00238EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/25 2:41 p.m.•8 views

K000157962: Linux kernel (Bluetooth) vulnerability CVE-2023-53386

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...

7.8CVSS5.2AI score0.00139EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/25 2:37 p.m.•7 views

K000157961: Linux kernel (SCPI) vulnerability CVE-2022-50087

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds...

7.8CVSS5.4AI score0.00165EPSS
Exploits0
F5 Networks
F5 Networks
•added 2025/11/24 4:43 p.m.•11 views

K000157948: BIND vulnerability CVE-2025-40780

Security Advisory Description In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through...

8.6CVSS6.7AI score0.00454EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
•added 2025/11/21 4:19 p.m.•10 views

K000157932: NPM vulnerabilities CVE-2025-59037, CVE-2025-59038, and CVE-2025-59039

Security Advisory Description CVE-2025-59037 DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's...

9.3CVSS7.2AI score0.00349EPSS
Exploits0
Total number of security vulnerabilities6389