6392 matches found
K73926196: PHPMailer vulnerability CVE-2016-10045
Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...
K15273: Apache vulnerability CVE-2012-0053
Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...
K73217235: pppd vulnerability CVE-2020-8597
Security Advisory Description eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K04831884: MySQL vulnerabilities CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, and CVE-2019-2805
Security Advisory Description CVE-2019-2800 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K15254040: Linux kernel vulnerability CVE-2018-1130
Security Advisory Description Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccpwritexmit function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. CVE-2018-1130 Impact There is no...
K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...
K56138200: PHP vulnerability CVE-2016-3078
Security Advisory Description Multiple integer overflows in phpzip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted call to 1 getFromIndex or 2...
SOL7859 - Multiple PHP vulnerabilities
PHP has been cited with multiple vulnerabilities. For information about these vulnerabilities, refer to the National Vulnerabilities Database. Information about these advisories is available at the following locations: CVE-2007-1846 SQL injection vulnerability in index.php in the MyAds 2.04jp and...
K27112954: Linux kernel vulnerability CVE-2019-15292
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalkprocexit, related to net/appletalk/atalkproc.c, net/appletalk/ddp.c, and net/appletalk/sysctlnetatalk.c. CVE-2019-15292 Impact There is no impact; F5 products are not affected...
K51975973: Eclipse Jetty vulnerability CVE-2021-34428
Security Advisory Description For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can...
K64292204: OpenSSH vulnerability CVE-2016-10010
Security Advisory Description sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. CVE-2016-10010 Impact In the default configuration,...
K14492558: PHP vulnerability CVE-2021-21708
Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...
K72118410: Linux kernel vulnerability CVE-2021-29154
Security Advisory Description BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpfjitcomp.c and arch/x86/net/bpfjitcomp32.c. CVE-2021-29154 Impact...
K41440465: BIG-IP TMM vulnerability CVE-2022-26071
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. CVE-2022-26071 Impact A...
Apache vulnerability CVE-2017-6146
F5 Product Development has assigned ID 572272 BIG-IP and ID 663962 Enterprise Manager to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to see versions box. To determine if your release is known to be vulnerable, the...
SOL91100352 - Mozilla NSS vulnerability CVE-2016-1950
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K17133899: Multiple Treck TCP/IP stack vulnerabilities
Security Advisory Description CVE-2020-11896 The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. CVE-2020-11897 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. CVE-2020-11898 The Treck TCP/IP stack...
K05717484: PhpAdmin vulnerability CVE-2005-3299
Security Advisory Description PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array. CVE-2005-3299 Impact There is no impact; F5 products are not...
K35453761: cURL and libcurl vulnerability CVE-2017-2628
Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...
K02912734: Intel CPU vulnerability CVE-2019-11135
Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...
K97457339: Linux kernel vulnerabilities CVE-2017-1000370 and CVE-2017-1000371
Security Advisory Description CVE-2017-1000370 The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execveed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above...
SOL01276005 - OpenSSL vulnerability CVE-2016-2182
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17244 - Linux kernel vulnerability CVE-2015-1593
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. In BIG-IP 10.x, some platforms are running 32-bit Linux kernel and some platforms are running 64-bit, depending on their...
SOL6669 - Apache HTTP Expect header handling
The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...
K06372014: PHP vulnerability CVE-2019-9023
Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur...
K97120268: Apache Log4j SQL injection vulnerability CVE-2022-23305
Security Advisory Description By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL...
K31902105: OpenSSH vulnerability CVE-2016-20012
Security Advisory Description DISPUTED OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination...
K52349521: OpenSSL vulnerability CVE-2016-2842
Security Advisory Description The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service out-of-bounds write or memory consumption or...
K52341555: Samba vulnerability CVE-2022-3592
Security Advisory Description A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix...
SOL62012529 - BIND vulnerability CVE-2016-1286
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K88126845: BIG-IP APM web pages may be indexed by search engines
Security Advisory Description This issue occurs when all of the following conditions are met: Users connect to the BIG-IP APM system through the internet. The BIG-IP APM system is reachable by search engines. Impact BIG-IP APM web pages may be enumerated and other data may be disclosed. Symptoms ...
K43429502: OpenSSL RSA key generation vulnerability CVE-2018-0737
Security Advisory Description The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL...
K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509
Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K16090: BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326
Security Advisory Description The automatic signature update functionality in the 1 Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the 2 Call Home feature in ASM 10.0.0...
K7859: Multiple PHP vulnerabilities
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K52559937: Overview of NGINX vulnerabilities (May 2021)
Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...
K74954302: PHP vulnerability CVE-2016-2554
Security Advisory Description Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TAR archive. CVE-2016-2554...
K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
Security Advisory Description Description CVE-2014-8109 modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...
SOL87416818 - TMM vulnerability CVE-2016-7476
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K000138643: OpenSSH vulnerability CVE-2023-51767
Security Advisory Description OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat...
K32380005: Linux kernel vulnerability CVE-2019-18282
Security Advisory Description The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead ...
K53825211: PHP vulnerability CVE-2019-9637
Security Advisory Description An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
SOL71436934 - Apache httpd vulnerability CVE-2016-4979
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL10772 - Linux NULL pointer dereference vulnerability - CVE-2009-2692
Information about this advisory is available at the following location: Note: As a result of a typo, this advisory was also referred to as CVE-2009-2962. Be advised that CVE-2009-2962 was removed as a duplicate of CVE-2009-2692. For information, refer to https://vulners.com/cve/CVE-2009-2962. Th...
SOL4616 - BSD telnet environment vulnerability CAN-2005-0488
Was this resource helpful in solving your issue? Yes - this resource was helpful No - this resource was not helpful I dont know yet NOTE: Please do not provide personal information. Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:...
K55834441: Netty vulnerability CVE-2021-21295
Security Advisory Description Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables...
K6881: SSHv1 vulnerabilities CVE-2006-4924
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
SOL15903 - Multiple PHP vulnerabilities
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14434 - OpenSSH vulnerability CVE-2006-5794
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...