Lucene search
K

6294 matches found

F5 Networks
•added 2016/06/24 12:0 a.m.•77 views

SOL93174402 - Apache Struts 2 vulnerability CVE-2016-3090

Vulnerability Recommended Actions None Supplemental Information Apache S2-027 Note: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a...

CVSS 8.8 • AI score 1.2 • EPSS 0.06142
Exploits 0 • References 5
F5 Networks
•added 2016/01/27 12:0 a.m.•77 views

SOL01131113 - OpenSSH vulnerabilities CVE-2016-0777 and CVE-2016-0778

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 8.1 • AI score 2.5 • EPSS 0.63468
Exploits 3 • References 4
F5 Networks
•added 2015/06/08 12:0 a.m.•77 views

SOL16714 - PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 7.5 • AI score 2.5 • EPSS 0.27869
Exploits 2 • References 4
F5 Networks
•added 2014/12/16 12:0 a.m.•77 views

SOL15912 - Linux kernel driver vulnerabilities CVE-2014-3184, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646

CVE-2014-3184 The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2)...

CVSS 6.9 • AI score 3.6 • EPSS 0.00596
Exploits 0 • References 4
F5 Networks
•added 2014/01/16 12:0 a.m.•77 views

SOL14930 - PHP vulnerability CVE-2011-4718

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents...

CVSS 6.8 • AI score 3.6 • EPSS 0.036
Exploits 0 • References 2
F5 Networks
•added 2007/10/04 12:0 a.m.•77 views

SOL6916 - Case change in URL host name circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case (upper vs. lower) from the URL pattern in the Deny list. After logging in to the...

AI score 1.3
Exploits 0 • Affected Software 1
F5 Networks
•added 2007/05/16 12:0 a.m.•77 views

SOL5860 - GSSAPI authentication vulnerability in OpenSSH - CAN-2005-2798

CAN-2005-2798: GSSAPI authentication vulnerability in OpenSSH Information about this advisory is available at the following location:...

CVSS 5 • AI score 0.9 • EPSS 0.02299
Exploits 0
F5 Networks
•added 2023/02/21 7:57 p.m.•76 views

K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974

Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...

CVSS 7.7 • AI score 6.3 • EPSS 0.03829
Exploits 0
F5 Networks
•added 2023/02/21 7:5 p.m.•76 views

K17267: XSS vulnerability in Apache CVE-2002-0840

Security Advisory Description Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the...

CVSS 6.8 • AI score 6.4 • EPSS 0.94006
Exploits 0
F5 Networks
•added 2023/02/21 6:59 p.m.•76 views

K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 7.2 • AI score 7.6 • EPSS 0.1273
Exploits 0
F5 Networks
•added 2023/02/21 6:55 p.m.•76 views

K94504224: Apache ZooKeeper vulnerability CVE-2019-0201

Security Advisory Description An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...

CVSS 5.9 • AI score 6.8 • EPSS 0.09634
Exploits 0
F5 Networks
•added 2023/02/21 6:52 p.m.•76 views

K31603170: Linux kernel vulnerability CVE-2016-7097

Security Advisory Description The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097...

CVSS 4.4 • AI score 6.1 • EPSS 0.00377
Exploits 0 • Affected Software 23
F5 Networks
•added 2023/02/21 6:49 p.m.•76 views

K01152385: Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700

Security Advisory Description CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. CVE-2018-12697 A...

CVSS 9.8 • AI score 7.6 • EPSS 0.05252
Exploits 4 • Affected Software 1
F5 Networks
•added 2023/02/21 6:46 p.m.•76 views

K17839423: PHP vulnerability CVE-2021-21703

Security Advisory Description In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to...

CVSS 7.8 • AI score 7.8 • EPSS 0.01337
Exploits 1
F5 Networks
•added 2023/02/21 6:35 p.m.•76 views

K21018505: JRE vulnerability CVE-2012-5081

Security Advisory Description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. CVE-2012-508...

CVSS 5 • AI score 8.1 • EPSS 0.45113
Exploits 0 • Affected Software 2
F5 Networks
•added 2023/02/21 6:34 p.m.•76 views

K23729200: Multiple GNU Binutils vulnerabilities

Security Advisory Description CVE-2017-9038 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, an...

CVSS 7.8 • AI score 7.1 • EPSS 0.02129
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:34 p.m.•76 views

K49622415: Apache Tomcat vulnerability CVE-2022-25762

Security Advisory Description If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...

CVSS 8.6 • AI score 8.1 • EPSS 0.07538
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:33 p.m.•76 views

K17269881: Intel MCE vulnerability CVE-2018-12207

Security Advisory Description Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 Impact A privileged guest user...

CVSS 6.5 • AI score 6.6 • EPSS 0.00915
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 6:32 p.m.•76 views

K32798641: MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632

Security Advisory Description CVE-2019-2627 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high...

CVSS 7.5 • AI score 5.7 • EPSS 0.03694
Exploits 0
F5 Networks
•added 2023/02/21 6:28 p.m.•76 views

K17458: Linux kernel vulnerability CVE-2015-1805

Security Advisory Description The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or...

CVSS 7.2 • AI score 7.3 • EPSS 0.01478
Exploits 3 • Affected Software 18
F5 Networks
•added 2023/02/21 5:39 p.m.•76 views

K20911042: OpenSSH vulnerability CVE-2015-8325

Security Advisory Description The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the...

CVSS 7.8 • AI score 7.3 • EPSS 0.00627
Exploits 0 • Affected Software 21
F5 Networks
•added 2016/10/03 12:0 a.m.•76 views

SOL08250500 - Nginx vulnerability CVE-2016-4450

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5 • AI score 2.3 • EPSS 0.16376
Exploits 0 • References 7
F5 Networks
•added 2016/01/28 12:0 a.m.•76 views

SOL64009378 - OpenSSL vulnerability CVE-2016-0701

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 3.7 • AI score 2.7 • EPSS 0.83645
Exploits 1 • References 4
F5 Networks
•added 2015/08/24 12:0 a.m.•76 views

SOL17132 - Linux kernel vulnerability CVE-2014-8133

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you ca...

CVSS 2.1 • AI score 0.6 • EPSS 0.00583
Exploits 0 • References 5
F5 Networks
•added 2015/07/10 12:0 a.m.•76 views

SOL16948 - Apache Tomcat vulnerability CVE-2007-1858

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 2.6 • AI score 3.6 • EPSS 0.18254
Exploits 0 • References 6
F5 Networks
•added 2014/11/19 12:0 a.m.•76 views

SOL15852 - Linux kernel vulnerability CVE-2014-3122

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. CVE-2014-3122...

CVSS 4.9 • AI score 6 • EPSS 0.00545
Exploits 0 • References 4
F5 Networks
•added 2013/05/30 12:0 a.m.•76 views

SOL14433 - PHP SOAP vulnerability CVE-2013-1643

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

CVSS 5 • AI score 3.2 • EPSS 0.10136
Exploits 0 • References 3
F5 Networks
•added 2006/12/11 12:0 a.m.•76 views

SOL6881 - SSHv1 vulnerabilities CVE-2006-4924

This security advisory describes an OpenSSH version 1 vulnerability. When using version SSH version 1 protocol, remote attacks cause a denial of service attack when the sshd process is used in OpenSSH versions previous to version 4.4. This occurs when using an SSH packet that contains duplicate...

CVSS 7.8 • AI score 7.7 • EPSS 0.33913
Exploits 1
F5 Networks
•added 2023/02/21 8:2 p.m.•75 views

K32037442: Intel In-Band Manageability software vulnerabilities CVE-2021-0193, CVE-2021-0194, and CVE-2021-33108

Security Advisory Description CVE-2021-0193 Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. CVE-2021-0194 Improper access control in the Intel(R) In-Band...

CVSS 7.2 • AI score 7 • EPSS 0.00913
Exploits 0
F5 Networks
•added 2023/02/21 7:57 p.m.•75 views

K17321505: Apache Tomcat vulnerability CVE-2019-10072

Security Advisory Description The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to...

CVSS 7.5 • AI score 6.6 • EPSS 0.72988
Exploits 0
F5 Networks
•added 2023/02/21 7:54 p.m.•75 views

K04082144: Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013

Security Advisory Description A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protect...

CVSS 9.8 • AI score 8.9 • EPSS 0.99992
Exploits 169
F5 Networks
•added 2023/02/21 7:2 p.m.•75 views

K01362377: Ghostscript vulnerability CVE-2017-8291

Security Advisory Description Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

CVSS 7.8 • AI score 7 • EPSS 0.96968
Exploits 7
F5 Networks
•added 2023/02/21 7:0 p.m.•75 views

K6736: OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

CVSS 9.3 • AI score 7.3 • EPSS 0.44099
Exploits 8
F5 Networks
•added 2023/02/21 6:59 p.m.•75 views

K10107360: Apache Tomcat vulnerability CVE-2019-12418

Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...

CVSS 7 • AI score 7.2 • EPSS 0.01221
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•75 views

K53411527: SELinux policycoreutils vulnerability CVE-2016-7545

Security Advisory Description SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. CVE-2016-7545 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

CVSS 8.8 • AI score 8.6 • EPSS 0.00382
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•75 views

K82200103: Apache mod_http2 vulnerability CVE-2019-10082

Security Advisory Description In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. CVE-2019-10082 Impact There is no impact; F5 products are not affected by this vulnerability...

CVSS 9.1 • AI score 6.5 • EPSS 0.16549
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•75 views

K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126

Security Advisory Description Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12126 Impact MDS...

CVSS 5.6 • AI score 7.1 • EPSS 0.0151
Exploits 0 • Affected Software 17
F5 Networks
•added 2023/02/21 6:47 p.m.•75 views

K61561040: PHP vulnerability CVE-2018-10547

Security Advisory Description An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerabilit...

CVSS 6.1 • AI score 7.1 • EPSS 0.0363
Exploits 0
F5 Networks
•added 2023/02/21 6:47 p.m.•75 views

K84900646: Linux kernel vulnerability CVE-2020-14385

Security Advisory Description A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise...

CVSS 5.5 • AI score 6.2 • EPSS 0.00416
Exploits 0
F5 Networks
•added 2023/02/21 6:46 p.m.•75 views

K70275209: BIG-IP HTTP profile vulnerability CVE-2020-5857

Security Advisory Description Undisclosed HTTP behavior may lead to a denial of service. CVE-2020-5857 Impact This vulnerability impacts the BIG-IP data plane virtual servers with HTTP profiles. A BIG-IP module that has a virtual server with an associated HTTP profile and is processing traffic is...

CVSS 7.5 • AI score 7.4 • EPSS 0.01044
Exploits 0 • Affected Software 10
F5 Networks
•added 2023/02/21 6:35 p.m.•75 views

K52320548: Expat vulnerability CVE-2016-0718

Security Advisory Description An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code...

CVSS 9.8 • AI score 8.9 • EPSS 0.13335
Exploits 3 • Affected Software 15
F5 Networks
•added 2023/02/21 6:33 p.m.•75 views

K34681653: OpenSSL vulnerability CVE-2017-3738

Security Advisory Description There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and a...

CVSS 5.9 • AI score 6.7 • EPSS 0.13411
Exploits 0
F5 Networks
•added 2023/02/21 6:32 p.m.•75 views

K65234135: Linux kernel vulnerability CVE-2020-25643

Security Advisory Description A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The...

CVSS 7.5 • AI score 6.1 • EPSS 0.03252
Exploits 0
F5 Networks
•added 2015/02/12 12:0 a.m.•75 views

SOL16122 - Linux kernel vulnerability CVE-2014-9322

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

CVSS 7.8 • AI score 1.4 • EPSS 0.01504
Exploits 8 • References 5
F5 Networks
•added 2014/06/02 12:0 a.m.•75 views

SOL15299 - Linux kernel vulnerability CVE-2013-2888

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate the ri...

CVSS 6.2 • AI score 2.7 • EPSS 0.00477
Exploits 0 • References 13
F5 Networks
•added 2010/05/10 12:0 a.m.•75 views

SOL11503 - BIND 9 vulnerability CVE-2009-0265

BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. Information about this advisory is available at the following locations: F5...

CVSS 7.5 • AI score 7.3 • EPSS 0.0686
Exploits 1
F5 Networks
•added 2024/08/14 1:44 p.m.•74 views

K000140552: Quarterly Security Notification (August 2024)

Security Advisory Description On August 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

CVSS 8.9 • AI score 7.1 • EPSS 0.00628
Exploits 0
F5 Networks
•added 2024/04/22 5:56 p.m.•74 views

K000139361: Moby Buildkit vulnerabilities CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653

Security Advisory Description CVE-2024-23651 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead ...

CVSS 10 • AI score 6.7 • EPSS 0.02983
Exploits 0
F5 Networks
•added 2024/02/02 5:38 a.m.•74 views

K000138460: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVSS 6.5 • AI score 4.8 • EPSS 0.01539
Exploits 0
F5 Networks
•added 2023/10/23 7:54 p.m.•74 views

K000137327: Apache mod_http2 vulnerability CVE-2023-45802

Security Advisory Description When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the...

CVSS 5.9 • AI score 7.2 • EPSS 0.03024
Exploits 1
Total number of security vulnerabilities: 5000