6392 matches found
K32037442: Intel In-Band Manageability software vulnerabilities CVE-2021-0193, CVE-2021-0194, and CVE-2021-33108
Security Advisory Description CVE-2021-0193 Improper authentication in the IntelR In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. CVE-2021-0194 Improper access control in the IntelR In-Band...
K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...
K20623215: Apache mod_cache_socache vulnerability CVE-2018-1303
Security Advisory Description A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache...
K75543432: PHP vulnerability CVE-2017-11628
Security Advisory Description In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications th...
K11312491: Intel AMT SDK, Intel SCS, or Intel MEBx vulnerability CVE-2021-33107
Security Advisory Description Insufficiently protected credentials in USB provisioning for IntelR AMT SDK before version 16.0.3, IntelR SCS before version 12.2 and IntelR MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially...
K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646
Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...
K55423848: CGI.pm and CGI::Simple vulnerabilities CVE-2010-2761 and CVE-2010-4410
Security Advisory Description CVE-2010-2761 The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers a...
K10515241: Linux kernel vulnerabilities CVE-2016-1583 and CVE-2016-2143
Security Advisory Description CVE-2016-1583 The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leadi...
K31603170: Linux kernel vulnerability CVE-2016-7097
Security Advisory Description The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097...
K33828251: Apache Spark vulnerability CVE-2022-33891
Security Advisory Description The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
K25046752: Traffic Intelligence feeds vulnerability CVE-2022-34865
Security Advisory Description Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. CVE-2022-34865 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify...
K61164061: PHP vulnerability CVE-2017-9227
Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could...
K32798641: MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632
Security Advisory Description CVE-2019-2627 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high...
SOL93174402 - Apache Struts 2 vulnerability CVE-2016-3090
Vulnerability Recommended Actions None Supplemental Information Apache S2-027 Note: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a...
SOL63519101 - Multiple QEMU vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL64009378 - OpenSSL vulnerability CVE-2016-0701
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL16948 - Apache Tomcat vulnerability CVE-2007-1858
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL16505 - NTP vulnerability CVE-2015-1798
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16427 - Linux kernel vulnerability CVE-2013-7421
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL15936 - NTP vulnerability CVE-2014-9295
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL15927 - BIND vulnerability CVE-2014-8500
The LTM and GTM modules are not vulnerable by default. To be vulnerable, recursion must be manually enabled in the BIND named.conf file. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to...
SOL15441 - PHP vulnerability CVE-2011-1148
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14930 - PHP vulnerability CVE-2011-4718
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents...
SOL13518 - Multiple PHP vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL6916 - Case change in URL host name circumvents Accessibility Scope
It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...
SOL5860 - GSSAPI authentication vulnerability in OpenSSH - CAN-2005-2798
CAN-2005-2798: GSSAPI authentication vulnerability in OpenSSH Information about this advisory is available at the following location:...
K000139404: Quarterly Security Notification (May 2024)
Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000139361: Moby Buildkit vulnerabilities CVE-2024-23651,CVE-2024-23652, and CVE-2024-23653
Security Advisory Description CVE-2024-23651 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead ...
K49233165: Apache Groovy vulnerability CVE-2015-3253
Security Advisory Description The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. CVE-2015-3253 Impact This vulnerability could allow a remote...
K17267: XSS vulnerability in Apache CVE-2002-0840
Security Advisory Description Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the...
K6736: OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K36212405: Apache Cassandra vulnerability CVE-2020-13946
Security Advisory Description In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and...
K61561040: PHP vulnerability CVE-2018-10547
Security Advisory Description An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerabilit...
K84900646: Linux kernel vulnerability CVE-2020-14385
Security Advisory Description A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise...
K63415246: Multiple Java vulnerabilities CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35586
Security Advisory Description CVE-2021-35560 Vulnerability in the Java SE product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K23729200: Multiple GNU Binutils vulnerabilities
Security Advisory Description CVE-2017-9038 GNU Binutils 2.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to the bytegetlittleendian function in elfcomm.c, the getunwindsectionword function in readelf.c, an...
K49622415: Apache Tomcat vulnerability CVE-2022-25762
Security Advisory Description If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...
K43709560: Apache Tomcat vulnerability CVE-2020-1935
Security Advisory Description In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat w...
K17458: Linux kernel vulnerability CVE-2015-1805
Security Advisory Description The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or...
K20911042: OpenSSH vulnerability CVE-2015-8325
Security Advisory Description The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the...
SOL17132 - Linux kernel vulnerability CVE-2014-8133
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you ca...
SOL15852 - Linux kernel vulnerability CVE-2014-3122
The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings. CVE-2014-3122...
SOL15299 - Linux kernel vulnerability CVE-2013-2888
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate the ri...
SOL14433 - PHP SOAP vulnerability CVE-2013-1643
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
K000139691: Expat vulnerability CVE-2016-9063
Security Advisory Description An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50.CVE-2016-9063 Impact Attackers may be able to trigger buffer overflows which can be used to execute arbitrary code. Security Advisory Status F5 Product...
K04082144: Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013
Security Advisory Description A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protect...
K01362377: Ghostscript vulnerability CVE-2017-8291
Security Advisory Description Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...
K43030517: Linux kernel BPF vulnerability CVE-2019-7308
Security Advisory Description kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks...
K10107360: Apache Tomcat vulnerability CVE-2019-12418
Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...