6392 matches found
K94504224: Apache ZooKeeper vulnerability CVE-2019-0201
Security Advisory Description An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeepers getACL command doesnt check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...
K53411527: SELinux policycoreutils vulnerability CVE-2016-7545
Security Advisory Description SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. CVE-2016-7545 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126
Security Advisory Description Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.CVE-2018-12126 Impact MDS...
K82200103: Apache mod_http2 vulnerability CVE-2019-10082
Security Advisory Description In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. CVE-2019-10082 Impact There is no impact; F5 products are not affected by this vulnerability...
K53955014: Python vulnerabilities CVE-2016-1494, CVE-2016-6536, CVE-2017-17522, CVE-2017-18207, and CVE-2018-1000030
Security Advisory Description CVE-2016-1494 The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. CVE-2016-6536 The /setup URI on AVer Information EH6108H+...
K52320548: Expat vulnerability CVE-2016-0718
Security Advisory Description An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code...
K34681653: OpenSSL vulnerability CVE-2017-3738
Security Advisory Description There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and a...
K21037322: Multiple MySQL vulnerabilities CVE-2022-21547, CVE-2022-21550, CVE-2022-21553, CVE-2022-21555, CVE-2022-21556
Security Advisory Description CVE-2022-21547 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Federated. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...
K54823184: glibc vulnerability CVE-2019-9169
Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVE-2019-9169 Impact An attacker may run arbitrary code or cause a denial-of-service...
K39909763: Perl vulnerability CVE-2016-1238
Security Advisory Description 1 cpan/Archive-Tar/bin/ptar, 2 cpan/Archive-Tar/bin/ptardiff, 3 cpan/Archive-Tar/bin/ptargrep, 4 cpan/CPAN/scripts/cpan, 5 cpan/Digest-SHA/shasum, 6 cpan/Encode/bin/enc2xs, 7 cpan/Encode/bin/encguess, 8 cpan/Encode/bin/piconv, 9 cpan/Encode/bin/ucmlint, 10...
K09940637: NTP vulnerability CVE-2019-11331
Security Advisory Description Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVE-2019-11331 Impact Using an off-path attack not a man-in-the-middle...
K16353: Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2015-0410...
SOL08250500 - Nginx vulnerability CVE-2016-4450
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL11251130 - NTP vulnerability CVE-2016-1547
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17212 - PHP vulnerability CVE-2014-5459
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17049 - PHP vulnerability CVE-2015-4598
Important: Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products, to trigger ...
SOL15356 - OpenSSL vulnerability CVE-2014-0195
The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...
K000161614: Out-of-band Security Notification (June 17, 2026)
Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...
K000140552: Quarterly Security Notification (August 2024)
Security Advisory Description On August 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000139064: Apache vulnerabilities CVE-2009-2299, CVE-2012-3526, CVE-2012-4001, and CVE-2012-4360
Security Advisory Description CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall WAF module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via an...
K95463126: OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
Security Advisory Description CVE-2016-0703 The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, whic...
K51674118: Linux kernel vulnerability CVE-2019-11599
Security Advisory Description The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have...
K17321505: Apache Tomcat vulnerability CVE-2019-10072
Security Advisory Description The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to...
K9990: icclib vulnerabilities CVE-2009-0583 and CVE-2009-0584
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to SOL4602: Overview of F5...
K13588: PHP vulnerability CVE-2011-4885
Security Advisory Description PHP versions prior to 5.3.9 compute hash values for form parameters without restricting the ability to trigger hash collisions predictably, which may allow remote attackers to cause a denial of service DoS CPU consumption by sending many crafted parameters...
K08440897: Linux kernel vulnerability CVE-2016-0774
Security Advisory Description The 1 piperead and 2 pipewrite implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux RHEL 7.1 do not properly consider the...
K15794: ICMP vulnerability CVE-2004-0791
Security Advisory Description Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service network throughput reduction for TCP connections via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack". CVE-2004-07...
K81926432: NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
Security Advisory Description NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGIN...
K24374526: nginx vulnerability CVE-2018-16845
Security Advisory Description nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted...
K12252011: OpenSSH vulnerability CVE-2019-6109
Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...
K32412075: AngularJS XSS vulnerability CVE-2020-7676
Security Advisory Description angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code. CVE-2020-7676 Impact An attack...
K51585448: Multiple MySQL vulnerabilities CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531
Security Advisory Description CVE-2022-21527 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...
K65234135: Linux kernel vulnerability CVE-2020-25643
Security Advisory Description A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The...
K94221585: iControl SOAP vulnerability CVE-2022-41622
Security Advisory Description BIG-IP and BIG-IQ are vulnerable to cross-site request forgery CSRF attacks through iControl SOAP. CVE-2022-41622 Impact An attacker may trick users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl...
SOL57108702 - Apache Tika XML External Entity vulnerability CVE-2016-4434
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL23073482 - Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K000137327: Apache mod_http2 vulnerability CVE-2023-45802
Security Advisory Description When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the...
K67830124: Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314
Security Advisory Description A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from...
K32518458: The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control
Security Advisory Description The BIG-IP DNS formerly known as BIG-IP GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control. This issue occurs when all of the following conditions are met: The BIG-IP DNS...
K6878: Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16319: OpenSSL vulnerability CVE-2015-0288
Security Advisory Description Description The X509toX509REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service NULL pointer dereference and application crash via an inval...
K31085564: Spectre SWAPGS gadget vulnerability CVE-2019-1125
Security Advisory Description An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. CVE-2019-1125 also known as Spect...
K32804955: Linux kernel vulnerability CVE-2019-10639
Security Advisory Description The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for...
K04337527: Linux kernel vulnerability CVE-2018-5803
Security Advisory Description In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. CVE-2018-5803 Impact An attacker can...
K13060403: PHP vulnerability CVE-2018-10548
Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service NULL pointer dereference and application crash because of mishandling of the...
K24642829: Linux kernel vulnerability CVE-2015-7515
Security Advisory Description The aiptekprobe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted USB device that lacks endpoints. CVE-2015-7515 Impact A...
K87323016: Apache mod_proxy vulnerability CVE-2020-13950
Security Advisory Description Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service CVE-2020-13950 Impact There is no impact; F...
K31263502: PHP vulnerability CVE-2020-7063
Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were wit...
K35504111: Linux kernel vulnerability CVE-2018-1000026
Security Advisory Description Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitabl...
SOL24734336 - PHP vulnerabilities CVE-2016-4542, CVE-2016-4543, and CVE-2016-4544
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...