K16349: Linux kernel vulnerability CVE-2009-0676

Security Advisory Description Description The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt reques...

K12650: PHP vulnerability CVE-2010-4645

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...

K15746: Linux kernel vulnerability CVE-2012-4542

Security Advisory Description Description block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping...

K16318: OpenSSL vulnerability CVE-2015-0287

Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...

K14317: OpenSSH J-PAKE vulnerability CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate. F5 products do not include J-PAKE in the OpenSSH programs a...

K19784568: TMM vulnerability CVE-2016-5023

Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

Cross site request forgery (csrf)

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

F5 Networks BIG-IP : BIG-IP TMUI CSRF vulnerability (K49905324)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K49905324 advisory. - On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request...

wom-camp.net XSS vulnerability

Open Bug Bounty ID: OBB-662842 Description| Value ---|--- Affected Website:| wom-camp.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...

CVE-2015-8022

CVE-2015-8022 affects multiple F5 BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller; AAM, AFM, PEM; Edge Gateway, WebAccelerator, WOM, PSM) across 11.x releases. The root cause is in the Configuration utility: an Access Policy Manager customization configuration section that allows ...

Default configuration

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....

CVE-2016-2084

CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...

CVE-2015-8021

The CVE-2015-8021 entry maps to an actual vulnerability in the BIG-IP Configuration utility where file uploads via uploadImage.php are not properly validated. Affected BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller, PSM, and related modules) running vulnerable 11.x releases are e...

Code injection

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

CVE-2015-4638

The CVE-2015-4638 issue affects F5 BIG-IP products using FastL4 virtual servers (across BIG-IP LTM/AAM/AFM/Analytics/APM/ASM/GTM/Link Controller/PEM, Edge Gateway, WebAccelerator, WOM, PSM). Root cause: processing of fragmented packets in the FastL4/TMM path can cause the Traffic Management Micro...