6392 matches found
SOL15482 - Linux kernel vulnerability CVE-2014-4943
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14733 - Apache HTTP server vulnerability CVE-2013-1896
Recommended action To mitigate this vulnerability for ARX, do not enable the API functionality. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security...
K000139353: aiohttp vulnerability CVE-2024-23334
Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to...
K17263: OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
Security Advisory Description CVE-2015-6563 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction...
K11522001: Apache vulnerabilities CVE-2018-1313, CVE-2018-1338, CVE-2018-1339, CVE-2018-1335, and CVE-2018-8003
Security Advisory Description CVE-2018-1313 In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java...
K26314875: Apache vulnerability CVE-2022-26377
Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...
K54296221: Apache httpd vulnerability CVE-2018-17199
Security Advisory Description In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...
K95275140: OS Kernel and SMM mode L1 Terminal Fault vulnerability CVE-2018-3620
Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...
K14907: MySQL Server vulnerability CVE-2012-3163
Security Advisory Description Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVE-2012-31...
K23642330: Multiple WPA2 vulnerabilities (KRACK)
Security Advisory Description CVE-2017-13077 Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the pairwise key in the four-way handshake. CVE-2017-13078 Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the four-way handshake, allowing an...
K05295469: Expat vulnerability CVE-2019-15903
Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. CVE-2019-15903...
K82300604: Linux Kernel vulnerability CVE-2017-8831
Security Advisory Description The saa7164busget function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service out-of-bounds array access or possibly have unspecified other impact by changing a certain sequence-number value,...
K13500115: Little CMS (aka lcms2) vulnerability CVE-2016-10165
Security Advisory Description The TypeMLURead function in cmstypes.c in Little CMS aka lcms2 allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. CVE-2016-10165 Impact There is no...
K50233772: HTTP/2 Settings Flood vulnerability CVE-2019-9515
Security Advisory Description Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty...
K00854051: Linux kernel vulnerability CVE-2018-13405
Security Advisory Description The inodeinitowner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group...
K12772312: Apache Hadoop vulnerability CVE-2017-7669
Security Advisory Description In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. CVE-2017-7669 Impact There is no...
K56450659: Linux kernel vulnerability CVE-2017-11176
Security Advisory Description The mqnotify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service use-after-free or possibly have unspecified...
SOL17494 - PAM vulnerability CVE-2015-3238
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17171 - OpenJDK vulnerability CVE-2015-2628
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17157 - Apache HTTP server vulnerability CVE-2015-0228
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16821 - Apache Axis vulnerability CVE-2014-3596
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
K74977440: PHPMailer vulnerability CVE-2016-10033
Security Advisory Description The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafte...
K16938: OpenSSL vulnerability CVE-2015-1788
Security Advisory Description The BNGF2mmodinv function in crypto/bn/bngf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows...
K45164470: Linux kernel vulnerability CVE-2022-36946
Security Advisory Description nfqnlmangle in net/netfilter/nfnetlinkqueue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service panic because, in the case of an nfqueue verdict with a one-byte nftapayload attribute, an skbpull can encounter a negative skb-len...
K69124112: PostgreSQL JDBC vulnerability CVE-2022-21724
Security Advisory Description pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc...
K91117041: Oracle Java SE vulnerability CVE-2019-2745, CVE-2019-2762
Security Advisory Description CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructu...
K78285929: BIND vulnerability CVE-2021-25220
Security Advisory Description BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected...
K92451315: OpenSSL vulnerability CVE-2020-1968
Security Advisory Description The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to...
K20127031: Apache Struts vulnerability CVE-2012-0391
Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...
K51272092: MySQL vulnerabilities CVE-2019-2730, CVE-2019-2731, CVE-2019-2737, CVE-2019-2738, and CVE-2019-2739
Security Advisory Description CVE-2019-2730 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged attacker with...
K00334558: OpenSSL vulnerability CVE-2022-1473
Security Advisory Description The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...
K16470: Linux kernel vulnerability CVE-2002-0510
Security Advisory Description The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. CVE-2002-0510 Impact There is no impact; F5 products are not...
K24578092: Linux kernel vulnerability CVE-2017-6001
Security Advisory Description Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perfeventopen system calls for moving a software group into a hardware context. NOTE: this vulnerability exis...
K28112382: NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Security Advisory Description NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a work...
K35040315: glibc vulnerability CVE-2016-10739
Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a...
K93600123: OpenSSL vulnerability CVE-2016-2107
Security Advisory Description The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC...
K16863: Apache vulnerability CVE-2013-5704
Security Advisory Description The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in...
SOL80513384 - Apache HTTPD vulnerability CVE-2016-5387
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16794 - CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159
CVE-2015-1158 A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in...
SOL16135 - OpenSSL vulnerability CVE-2015-0205
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15272 - PHP Vulnerability CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during access to an finfo object...
SOL14700 - BIG-IP APM clickjacking vulnerability
Note: This issue has been addressed in BIG-IP APM 11.3.0 and later through the use of the x-frame-options header in the Access Policy pages. Modifying a BIG-IP APM 11.3.0 or later system dB variable settings for apm.xframeoptions or apm.xframeoptions.allowfrom from their defaults may open the...
K25225860: Linux kernel vulnerabilities CVE-2019-6454, CVE-2020-12888, and CVE-2020-36385
Security Advisory Description CVE-2019-6454 An issue was discovered in sd-bus in systemd 239. busprocessobject in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit thi...
K49549213: Advanced WAF and BIG-IP ASM brute force mitigation may fail when receiving a specially crafted request
Security Advisory Description F5 Advanced Web Application Firewall WAF and BIG-IP ASM brute force mitigation may fail. This issue occurs when all of the following conditions are met: A security policy is configured with a login page using basic authentication as its authentication type. The...
K86252029: libpcap vulnerability CVE-2018-16301
Security Advisory Description libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading. CVE-2018-16301 Impact A local attacker may be able to corrupt data or execute arbitrary code. Security Advisory Status F5 Product...
K40521234: Multiple Oracle Java SE vulnerabilities
Security Advisory Description CVE-2016-3458 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. CVE-2016-3498 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remot...
K38453823: Apache vulnerability CVE-2021-31618
Security Advisory Description Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client...
K43339432: Linux kernel vulnerability CVE-2017-17449
Security Advisory Description The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by...
K82392041: Apache Commons FileUpload vulnerability CVE-2016-3092
Security Advisory Description The MultipartStream class in Apache Commons Filepload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial-of-service CPU consumption via...
K18129121: Linux kernel vulnerability CVE-2019-19767
Security Advisory Description The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Impact There is no impact; F5...