6364 matches found
K17315: SNMP vulnerability CVE-2014-3565
Security Advisory Description snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service snmptrapd crash via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrate...
K48131150: Linux kernel vulnerability CVE-2019-19065
Security Advisory Description A memory leak in the sdmainit function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service memory consumption by triggering rhashtableinit failures, aka CID-34b3be18a04e. CVE-2019-19065 Impact There is n...
K38453823: Apache vulnerability CVE-2021-31618
Security Advisory Description Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client...
K62201745: OpenSSH vulnerability CVE-2016-10012
Security Advisory Description The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed...
K92451315: OpenSSL vulnerability CVE-2020-1968
Security Advisory Description The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to...
K18129121: Linux kernel vulnerability CVE-2019-19767
Security Advisory Description The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Impact There is no impact; F5...
K00854051: Linux kernel vulnerability CVE-2018-13405
Security Advisory Description The inodeinitowner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group...
K21317311: F5 BIG-IP Guided Configuration XSS vulnerability CVE-2022-27230
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-27230 Impact An attacker may exploit this...
K74013101: Binutils vulnerability CVE-2021-42574
Security Advisory Description An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of...
K34468163: Apache Tomcat vulnerability CVE-2018-8034
Security Advisory Description The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CVE-2018-8034 Impact A user on the local...
K55245232: GNU glibc vulnerability CVE-2014-9984
Security Advisory Description nscd in the GNU C Library aka glibc or libc6 before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. CVE-2014-9984 Impact The...
K42903299: rsyslog: remote syslog PRI vulnerability CVE-2014-3634
Security Advisory Description rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service crash, possibly execute arbitrary code, or have other unspecified impact via a crafted priority PRI value that triggers an out-of-bounds array...
K61414056: Apache Tomcat vulnerability CVE-2016-5425
Security Advisory Description The Tomcat package on Red Hat Enterprise Linux RHEL 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the...
K21238552: MySQL vulnerabilities CVE-2019-2529, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, and CVE-2019-2534
Security Advisory Description CVE-2019-2529 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacke...
K08510472: BIG-IP TMUI vulnerability CVE-2022-28695
Security Advisory Description An authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. CVE-2022-28695 Impact This vulnerability may allow an authenticated high-privilege attack...
SOL01131113 - OpenSSH vulnerabilities CVE-2016-0777 and CVE-2016-0778
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL10366 - BIND vulnerability - CVE-2009-0696
F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabl...
K000139353: aiohttp vulnerability CVE-2024-23334
Security Advisory Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to...
K43700555: GNU C Library (glibc) vulnerability CVE-2021-33574
Security Advisory Description The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service...
K37603172: Samba vulnerabilities CVE-2015-5370 and CVE-2016-2118
Security Advisory Description CVE-2015-5370 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumptio...
K20225390: Multiple PCRE vulnerabilities
Security Advisory Description CVE-2015-8395 PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
K16562029: Linux kernel vulnerability CVE-2016-3841
Security Advisory Description The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call.CVE-2016-3841 Impact There is no impact; F5 products ar...
K80055530: NGINX NJS vulnerability CVE-2022-43286
Security Advisory Description Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c. CVE-2022-43286 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K54170502: Linux kernel vulnerability CVE-2017-8890
Security Advisory Description The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-8890 Impact An...
K70275209: BIG-IP HTTP profile vulnerability CVE-2020-5857
Security Advisory Description Undisclosed HTTP behavior may lead to a denial of service. CVE-2020-5857 Impact This vulnerability impacts the BIG-IP data plane virtual servers with HTTP profiles. A BIG-IP module that has a virtual server with an associated HTTP profile and is processing traffic is...
K17839423: PHP vulnerability CVE-2021-21703
Security Advisory Description In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to...
K21018505: JRE vulnerability CVE-2012-5081
Security Advisory Description Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect availability, related to JSSE. CVE-2012-508...
K50081147: Linux kernel vulnerabilities CVE-2019-9500, CVE-2019-9503
Security Advisory Description CVE-2019-9500 The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap...
K00194184: Linux kernel Voice Over IP H.323 vulnerability CVE-2020-14305
Security Advisory Description An out-of-bounds memory write flaw was found in how the Linux kernels Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The...
K17269881: Intel MCE vulnerability CVE-2018-12207
Security Advisory Description Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 Impact A privileged guest user...
K43357358: AMD processors vulnerability CVE-2022-23823
Security Advisory Description A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. CVE-2022-23823 also known as hertzbleed Impact Successful exploitation of this...
K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
Security Advisory Description The following three side-channel attacks were publicly disclosed on January 3, 2018: CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction ma...
K08402414: BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026
Security Advisory Description An authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. CVE-2022-23026 Impact An authenticated user with low privileges, such as a guest, may exploit this...
SOL54211024 - OpenSSL vulnerability CVE-2016-6304
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15912 - Linux kernel driver vulnerabilities CVE-2014-3184, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646
CVE-2014-3184 The reportfixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service out-of-bounds write via a crafted device that provides a small report descriptor, related to 1 drivers/hid/hid-cherry.c, 2...
SOL6881 - SSHv1 vulnerabilities CVE-2006-4924
This security advisory describes an OpenSSH version 1 vulnerability. When using version SSH version 1 protocol, remote attacks cause a denial of service attack when the sshd process is used in OpenSSH versions previous to version 4.4. This occurs when using an SSH packet that contains duplicate...
K000138460: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
K32037442: Intel In-Band Manageability software vulnerabilities CVE-2021-0193, CVE-2021-0194, and CVE-2021-33108
Security Advisory Description CVE-2021-0193 Improper authentication in the IntelR In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. CVE-2021-0194 Improper access control in the IntelR In-Band...
K05380109: Bootstrap vulnerability CVE-2018-14041
Security Advisory Description In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CVE-2018-14041 Impact An attacker may exploit this vulnerability to perform a cross-site scripting XSS attack. Security Advisory Status F5 Product Development has assigned ID 767373...
K27110515: Open SSL vulnerability CVE-2001-1141
Security Advisory Description The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. CVE-2001-1141...
K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...
K21665601: OpenSSL vulnerability CVE-2018-0732
Security Advisory Description During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until...
K20623215: Apache mod_cache_socache vulnerability CVE-2018-1303
Security Advisory Description A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache...
K75543432: PHP vulnerability CVE-2017-11628
Security Advisory Description In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...
K14638: TLS/SSL RC4 vulnerability CVE-2013-2566
Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same...
K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646
Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...
K55423848: CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
Security Advisory Description CVE-2010-2761 The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers a...
K10515241: Linux kernel vulnerabilities CVE-2016-1583 and CVE-2016-2143
Security Advisory Description CVE-2016-1583 The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leadi...