6294 matches found
K13660: BIND vulnerability CVE-2012-1667
Security Advisory Description Description ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial-of-servi...
K73008537: Apache Tomcat vulnerability CVE-2018-1336
Security Advisory Description An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
K65417229: Apache Struts vulnerability CVE-2017-7525
Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
K20622400: Apache HTTP server vulnerability CVE-2021-39275
Security Advisory Description apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-39275 Impact This...
K33209124: OpenSSL vulnerability CVE-2015-3197
Security Advisory Description ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to t...
SOL15504 - OpenSSH vulnerability CVE-2014-1692
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
K000156572: Quarterly Security Notification (October 2025)
Security Advisory Description On October 15, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K000139553: VPN TunnelVision vulnerability CVE-2024-3661
Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option 121. An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...
K54308010: PHP vulnerability CVE-2016-7124
Security Advisory Description ext/standard/varunserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a 1 destruct...
K12492858: Appliance mode authenticated F5 BIG-IP Guided Configuration third-party lodash and jQuery vulnerabilities CVE-2021-23337, CVE-2020-28500, and CVE-2016-7103
Security Advisory Description When running in Appliance mode, the BIG-IP Guided Configuration GUI menu is vulnerable through the following third-party CVEs: CVE-2021-23337 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CVE-2020-28500 Lodash version...
K28222050: Linux kernel vulnerability CVE-2019-15505
Security Advisory Description drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip or usbredir. CVE-2019-15505 Impact F5 Product Development has evaluated the currently supported release...
K78131906: Apache HTTPD vulnerability CVE-2018-1301
Security Advisory Description A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug...
K74171196: Linux kernel vulnerability CVE-2016-4998
Security Advisory Description The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root...
K15761: Multiple PHP 5.x vulnerabilities
Security Advisory Description CVE-2014-2497 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file. CVE-2014-3597 Multipl...
K58523202: PHP vulnerabilities CVE-2018-19395 and CVE-2018-19396
Security Advisory Description CVE-2018-19395 ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as...
SOL51201255 - Linux kernel vulnerability CVE-2016-7117
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL40306410 - PHP vulnerability CVE-2014-0236
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
K53437580: Apache vulnerabilities CVE-2016-0736 and CVE-2016-2161
Security Advisory Description CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryptio...
K51753557: PHP vulnerability CVE-2015-9253
Security Advisory Description An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this master process to...
K14428: MySQL vulnerability CVE-2012-2122
Security Advisory Description The Oracle MySQL sql/password.c in 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, andMariaDB in 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations...
K47405432: Infineon Trusted Platform Module Vulnerable RSA Generation vulnerability CVE-2017-15361
Security Advisory Description The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module TPM firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attacke...
SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16350 - Samba vulnerability CVE-2015-0240
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
K000139953: PHP vulnerability CVE-2024-4577
Security Advisory Description In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API...
K58541692: Linux kernel vulnerability CVE-2019-20054
Security Advisory Description In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e. CVE-2019-20054 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
K12826: Java Runtime Environment (JRE) vulnerability: CVE-2010-4476
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : F5 has evaluated only versions of software that are listed in this article fo...
K23605974: OpenSSL vulnerability CVE-2022-2097
Security Advisory Description AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...
K46604804: Python vulnerability CVE-2021-29921
Security Advisory Description In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses. CVE-2021-29921 Impact There is no impact; F5...
K51025324: Apache Tomcat 7.x vulnerabilities CVE-2015-5346, CVE-2015-5351, and CVE-2016-0763
Security Advisory Description CVE-2015-5346 Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to...
SOL63443590 - Apache Commons FileUpload vulnerability CVE-2013-2186
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL16285 - OpenSSL vulnerability CVE-2012-2110
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
K46421255: Docker privilege elevation vulnerability CVE-2019-5736
Security Advisory Description runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a...
K44591505: Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
Security Advisory Description CVE-2019-0196 A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request...
K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
Security Advisory Description CVE-2017-9793 The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. CVE-2017-9804 In Apache Stru...
K49419538: libxml2 vulnerability CVE-2016-4658
Security Advisory Description xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denia...
K00539290: Linux kernel vulnerability CVE-2019-19534
Security Advisory Description In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peakusb/pcanusbcore.c driver, aka CID-f7a1337f0d29. CVE-2019-19534 Impact There is no impact; F5 products are not affected by this...
K12705583: OpenSSH vulnerability CVE-2021-41617
Security Advisory Description sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run wi...
K19785240: Bootstrap vulnerability CVE-2018-14042
Security Advisory Description In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CVE-2018-14042 Impact An attacker may exploit this vulnerability to perform a cross-site scripting XSS attack. Security Advisory Status F5 Product Development has assigned ID 767373...
K91643220: Java vulnerabilities CVE-2020-2659 and CVE-2020-2773
Security Advisory Description CVE-2020-2659 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacke...
K23440942: Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x)
Security Advisory Description The vulnerability described in this article was initially fixed in earlier versions, but a regression was reintroduced in BIG-IP 12.x through 13.x. For information about earlier versions, refer to K4583: Insufficient validation of ICMP error messages - VU222750 /...
K54724312: Linux kernel vulnerability CVE-2022-0492
Security Advisory Description A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation...
K01112063: NGINX ngx_http_hls_module vulnerability CVE-2022-41743
Security Advisory Description NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issu...
K02412162: PHP vulnerability CVE-2019-6977
Security Advisory Description gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an...
K84695749: Samba vulnerability CVE-2021-44142
Security Advisory Description The Samba vfsfruit module uses extended file attributes EA, xattr to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfsfruit configured allow...
K15295: OpenSSL vulnerability CVE-2014-0076
Security Advisory Description The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. CVE-2014-0076 Impact...
K13600: SSH vulnerability CVE-2012-1493
Security Advisory Description A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH...
K28405643: BIG-IP Message Routing MQTT vulnerability CVE-2022-35240
Security Advisory Description When the Message Routing MR Message Queuing Telemetry Transport MQTT profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-35240 Impact System performance can degrade until the TMM process is...
K15402727: cURL vulnerability CVE-2020-8286
Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVE-2020-8286 Impact An attacker could provide a forged OCSP response to the F5 product that has made the request with curl...
K90803619: Linux kernel vulnerability CVE-2016-6136
Security Advisory Description Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerabilit...
K11742512: BIND vulnerability CVE-2022-2795
Security Advisory Description By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 Impact A flaw in resolver code can cause name...