K03121171: Apache Tomcat vulnerability CVE-2020-9484
Security Advisory Description When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a...
K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
Security Advisory Description CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). CVE-2022-22825 lookup in xmlparse.c in Expat aka...
K94735334: Linux kernel vulnerability CVE-2018-10883
Security Advisory Description A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. CVE-2018-10883 Impact A local user...
K54436295: Linux kernel vulnerability CVE-2018-17182
Security Advisory Description An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free and possibly gain privileges via certain thread creation, map, unmap, invalidatio...
SOL36302720 - Apache Tomcat vulnerability CVE-2016-6797
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL20225390 - Multiple PCRE vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K92153852: Apache httpd vulnerability CVE-2022-30522
Security Advisory Description If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. CVE-2022-30522 Impact There is no impact; F5 products are...
K63603485: Linux kernel vulnerability CVE-2022-0847
Security Advisory Description A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to...
K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714
Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...
K15412203: Linux kernel vulnerability CVE-2017-1000365
Security Advisory Description The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. Thi...
K4616: BSD telnet environment vulnerability CAN-2005-0488
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16128: Microsoft Schannel vulnerability CVE-2014-6321
Security Advisory Description Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted...
K20979231: Apache vulnerability CVE-2011-3639
Security Advisory Description The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy,...
SOL64505405 - NTP vulnerability CVE-2016-4956
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL71960814 - OpenSSH vulnerability CVE-2016-1908
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL14229 - OpenSSH vulnerability CVE-2007-2768
Recommended action None Supplemental Information Common Vulnerabilities and Exposures CVE-2007-2243 SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response...
K34931053: OpenSMTPD vulnerability CVE-2020-7247
Security Advisory Description smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the...
K57418558: Linux kernel vulnerability CVE-2019-15916
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which will cause denial of service. CVE-2019-15916 Impact An attacker with local access may be able to cause a denial of service DoS...
K14649763: Overview of F5 vulnerabilities (August 2022)
Security Advisory Description On August 3, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K27757011: Apache HTTPD vulnerability CVE-2017-15715
Security Advisory Description In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally...
K16057: GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235
Security Advisory Description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker may be able to use this flaw to execute arbitrary code. CVE-2015-0235 Impact A remote...
K23073482: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747
Security Advisory Description CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. CVE-2016-0746 Use-after-free vulnerability in the resolv...
K14634: SSL/TLS BREACH vulnerability CVE-2013-3587
Security Advisory Description The BREACH vulnerability allows attackers to discover secrets wrapped in HTTP compression inside of SSL. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size. This action relies o...
K48073202: Linux kernel vulnerability CVE-2017-18551
Security Advisory Description An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. CVE-2017-18551. Impact This vulnerability may allow an attacker to overwrite memory beyond the intended...
K35558453: Intel SGX L1 Terminal Fault vulnerability CVE-2018-3615
Security Advisory Description Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...
K16908: Apache HTTPD vulnerability CVE-2011-4415
Security Advisory Description The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of servi...
SOL17448 - OpenSSH vulnerability CVE-2001-1473
Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...
SOL16821 - Apache Axis vulnerability CVE-2014-3596
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL15493 - OpenSSH vulnerability CVE-2006-5229
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15482 - Linux kernel vulnerability CVE-2014-4943
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
K28360903: Linux Kernel vulnerability CVE-2021-28375
Security Advisory Description An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. CVE-2021-28375 Impact Ther...
K74151369: Appliance Mode authenticated iControl REST vulnerability CVE-2021-23015
Security Advisory Description When running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. CVE-2021-23015 Note: This vulnerability is unrelated to the vulnerability describ...
K46057232: Swift Mailer vulnerability CVE-2016-10074
Security Advisory Description The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From,...
K31864522: Linux kernel vulnerability CVE-2019-9162
Security Advisory Description In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation...
SOL92991044 - lwresd and bind vulnerability CVE-2016-2775
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL14733 - Apache HTTP server vulnerability CVE-2013-1896
Recommended action To mitigate this vulnerability for ARX, do not enable the API functionality. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security...
K000138827: OpenSSH vulnerability CVE-2023-51385
Security Advisory Description In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell...
K000138825: OpenSSH vulnerability CVE-2023-51384
Security Advisory Description In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token...
K49549213: Advanced WAF and BIG-IP ASM brute force mitigation may fail when receiving a specially crafted request
Security Advisory Description F5 Advanced Web Application Firewall (WAF) and BIG-IP ASM brute force mitigation may fail. This issue occurs when all of the following conditions are met: A security policy is configured with a login page using basic authentication as its authentication type. The...
K11522001: Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
Security Advisory Description CVE-2018-1313 In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java...
K26314875: Apache vulnerability CVE-2022-26377
Security Advisory Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...
K16938: OpenSSL vulnerability CVE-2015-1788
Security Advisory Description The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows...
K42830212: BIG-IP SIP ALG profile vulnerability CVE-2020-5926
Security Advisory Description A BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache. CVE-2020-5926 Impact This vulnerability leads to futu...
K23456112: Python urllib3 vulnerability CVE-2021-33503
Security Advisory Description An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or...
K20127031: Apache Struts vulnerability CVE-2012-0391
Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...
K82300604: Linux Kernel vulnerability CVE-2017-8831
Security Advisory Description The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value,...
K13500115: Little CMS (aka lcms2) vulnerability CVE-2016-10165
Security Advisory Description The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. CVE-2016-10165 Impact There is no...
K50233772: HTTP/2 Settings Flood vulnerability CVE-2019-9515
Security Advisory Description Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty...
K03314397: libcurl vulnerability CVE-2018-16890
Security Advisory Description libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow...
K31700032: Linux kernel vulnerability CVE-2021-29657
Security Advisory Description arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a...