6389 matches found
K17407: Datastor kernel vulnerability CVE-2015-7394
Security Advisory Description The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0...
K92306170: BIG-IP AFM single endpoint flood/sweep DoS vector security exposure
Security Advisory Description BIG-IP AFM single endpoint sweep and single endpoint flood DoS vector configuration states are unexpectedly disabled after updating/upgrading software to BIG-IP 14.1.0 and later. This issue occurs when all of the following conditions are met: You updated/upgraded you...
K05342145: Linux kernel vulnerability CVE-2007-6762
Security Advisory Description In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabelcipsov4.c where it is possible to overflow the doidef-tags array. CVE-2007-6762 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K28042514: BIG-IP TMM and DNS profile vulnerability CVE-2022-23017
Security Advisory Description When a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23017 Impact System performance can...
K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...
K61705126: BIG-IP APM apd vulnerability CVE-2019-6661
Security Advisory Description When the BIG-IP APM system processes certain requests, the apd/apmd process may consume excessive resources. CVE-2019-6661 Impact BIG-IP APM When this vulnerability is exploited, the BIG-IP APM system may experience excessive resource consumption, which may cause one...
K21423526: Intel CSME and TXE vulnerability CVE-2019-0091
Security Advisory Description Code injection vulnerability in installer for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-0091 Impact A locally...
K23124150: GeoIP vulnerability CVE-2018-5521
Security Advisory Description Carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. CVE-2018-5521 Impact BIG-IP Clients accessing the affected system may be exposed to cross-site scripting XSS attacks. This vulnerability...
K16870: logrotate vulnerability CVE-2011-1154
Security Advisory Description The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a...
K15838353: BIG-IP Edge Client for Windows vulnerability CVE-2020-5892
Security Advisory Description The BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. CVE-2020-5892 Impact An attacker with sufficient local privileges on a client machine running Windows may be able to...
K63497634: BIG-IP FPS XSS vulnerability CVE-2021-22979
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned, which allows an attacker to execute JavaScript in the context of the current logged-in user...
K28003839: tmsh utility vulnerability CVE-2018-15322
Security Advisory Description A BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service DoS when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action...
K26710120: Intel microprocessors vulnerability CVE-2019-0162
Security Advisory Description Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2019-0162 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K15878: bzip2 vulnerability CVE-2010-0405
Security Advisory Description Description Integer overflow in the BZ2decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted compressed file...
K08654551: GnuPG vulnerability CVE-2019-13050
Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...
K04518313: BIG-IP APM network access VPN vulnerability CVE-2020-27724
Security Advisory Description In BIG-IP APM, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. CVE-2020-27724 Impact This vulnerability may cause the Traffic Management Microkernel...
K69154630: BIG-IP Edge Client for Windows vulnerability CVE-2020-5898
Security Advisory Description The BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to a \\.\urvpndrv device causing the Windows kernel to crash. CVE-2020-5898...
K94105051: TMM vulnerability CVE-2018-5537
Security Advisory Description A remote attacker may be able to disrupt services on the BIG-IP if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. CVE-2018-5537 Impact The BIG-IP system m...
K19807532: BIND vulnerability CVE-2020-8619
Security Advisory Description The asterisk character "" is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a...
K73522927: BIG-IP Appliance mode vulnerability CVE-2019-6633
Security Advisory Description When the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. CVE-2019-6633 Impact This vulnerability allows the attacker to exploit the system with high-level...
K17331: PCRE library vulnerability CVE-2015-5073
Security Advisory Description Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers to cause a denial of service crash or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted...
K64346530: Multiple Intel CPU vulnerabilities
Security Advisory Description CVE-2019-11168 Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. CVE-2019-11170 Authentication bypass in Intel...
K15875: cURL vulnerability CVE-2013-1944
Security Advisory Description The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. CVE-2013-1944 Impact Allows unauthorized...
K15729: Associative array vulnerability CVE-2014-3631
Security Advisory Description The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service NULL pointer dereference and system crash or...
K12253: PHP vulnerability CVE-2010-2225
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15970: GnuTLS 3.x vulnerability CVE-2014-8564
Security Advisory Description The gnutlseccansix963export function in gnutlsecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service out-of-bounds write via a crafted 1 Elliptic Curve Cryptography ECC certificate or 2...
K37611417: Intel Driver vulnerability CVE-2020-12307
Security Advisory Description Improper permissions in some IntelR High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12307 Impact There is no impact; F5 products are not affected by thi...
K49827114: BIG-IP Edge Client for macOS vulnerability CVE-2019-6668
Security Advisory Description BIG-IP Edge Client for macOS may allow unprivileged users to access files owned by the root account. CVE-2019-6668 Impact BIG-IP Edge Client may allow an unprivileged user on the affected macOS device to get ownership of files owned by the root account on the local...
K000132635: OpenSSL vulnerability CVE-2022-4450
Security Advisory Description The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers...
K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341
Security Advisory Description When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the Authorization Endpoint set to '/'...
K000132333: Python vulnerability CVE-2019-9674
Security Advisory Description Lib/zipfile. py in Python through 3.7.2 allows remote attackers to cause a denial of service resource consumption via a ZIP bomb. CVE-2019-9674 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K000132263: OpenJDK vulnerability CVE-2023-21843
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...
K14334: BIG-IP Analytics generates predictable session cookies CVE-2013-7408
Security Advisory Description F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. CVE-2013-7408 This may become apparent when running vulnerability scans such as Qualys against a...
K05975972: BIG-IP self IP vulnerability CVE-2020-5923
Security Advisory Description Self-IP port-lockdown bypass by way of IPv6 link-local addresses. CVE-2020-5923 Impact Port lockdowns may be bypassable on accessible self IP addresses on an ipv6 link-local address. Security Advisory Status F5 Product Development has assigned ID 832885 BIG-IP and ID...
SOL21856463 - MySQL vulnerability CVE-2016-8289
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL14342624 - MySQL vulnerability CVE-2016-5633
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17525 - NTP vulnerability CVE-2015-7853
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17170 - Java vulnerability CVE-2015-4736
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16861 - BIG-IQ remote authentication vulnerability CVE-2015-4637
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15548 - Rsync sender.c vulnerability CVE-2007-4091
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15395 - OpenSSL vulnerability CVE-2012-0027
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL14046 - FirePass input validation vulnerability
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. F5 strongly recommends that you install HF-70-7 for FirePass 7.0.0 to address this vulnerability. Acknowledgements F5 wou...
SOL3277 - mod_ssl and ssl_log vulnerability VU#303448
Information about this advisory is available at the following location: F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS version 4.5.11 and 4.6.2. For instructions about downloading software from F5, refer to SOL167: Downloading software from F5. A VU303448 patch has...
SOL7147 - Execution of UNIX shell commands from the URL in the Admin UI
A URL that is accessible from the Device Management Maintenance Troubleshooting Tools page can be modified to inject UNIX shell commands, which are then executed with user-level privileges. Only FirePass Administrators with permission to access this URL can perform this action. Standard FirePass...
SOL6701 - Possible logon through native RSA SecurID authentication without valid passcode
An issue with the FirePass controller could permit logins without valid RSA SecurID passcodes. Under heavy load conditions, the FirePass controller can enter into a state where an invalid password in the form of the SecurID passcode is accepted if the username is a valid user in a master group...
K000161415: Craft CMS vulnerability CVE-2025-32432
Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...
K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930
Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...
K000156683: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2014-9828 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. CVE-2014-9829 coders/sun.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds access via a crafted sun file...
K000151329: MySQL vulnerabilities CVE-2025-30704, CVE-2025-30705, and CVE-2025-30706
Security Advisory Description CVE-2025-30704 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker wit...
K000149511: Oracle Java vulnerability CVE-2025-21502
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK:...