SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL15680 - Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

SOL14574 - PHP vulnerability CVE-2012-1172

PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a...

SOL14445 - Linux kernel vulnerability CVE-2013-2094

Vulnerability Recommended Actions To mitigate this vulnerability, you can enable Appliance mode for vulnerable BIG-IP versions. For information about Appliance mode, refer to the following article: Impact of action: Appliance mode is designed to meet the needs of customers in especially sensitive...

K000139404: Quarterly Security Notification (May 2024)

Security Advisory Description On May 8, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

K000139064: Apache vulnerabilities CVE-2009-2299, CVE-2012-3526, CVE-2012-4001, and CVE-2012-4360

Security Advisory Description CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall WAF module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via an...

K5533: Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

K28622040: Python vulnerability CVE-2019-9948

Security Advisory Description urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call. CVE-2019-9948 Impac...

K51440224: PCRE vulnerability CVE-2016-3191

Security Advisory Description The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a...

K93951507: Multiple Samba vulnerabilities

Security Advisory Description CVE-2020-1472 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC, aka 'Netlogon Elevation of Privilege Vulnerability'...

K51512510: tcpdump vulnerability CVE-2018-14879

Security Advisory Description The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:getnextfile. CVE-2018-14879 Impact A local attacker may be able to corrupt data, run arbitrary code, or cause the program to terminate. Security Advisory Status F5 Product...

K16881: OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004

Security Advisory Description Description CVE-2015-4001 Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service system crash or possibly execute arbitrary...

K80996302: Multiple NTP vulnerabilities

Security Advisory Description CVE-2016-7427 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service reject broadcast mode packets via a crafted broadcast mode packet. CVE-2016-7428 ntpd in NTP before 4.2.8p9 allows remo...

K28464509: PHP vulnerability CVE-2018-7584

Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in...

K75133288: Linux kernel vulnerability CVE-2021-33909

Security Advisory Description fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 Impact...

K18015201: Linux kernel vulnerability CVE-2017-2636

Security Advisory Description Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline. CVE-2017-2636 Impact This vulnerability may allow locally authenticated users ...

K18364001: Node.js vulnerability CVE-2017-15896

Security Advisory Description Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...

K22148713: BIND vulnerability CVE-1999-0184

Security Advisory Description When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. CVE-1999-0184 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

K04734219: Red Hat JBoss vulnerability CVE-2015-7501

Security Advisory Description Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform...

K48355112: PHP vulnerability CVE-2018-10549

Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a fin...

K73648110: Apache Tomcat vulnerability CVE-2021-25329

Security Advisory Description The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to...

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

K81158013: Linux kernel vulnerability CVE-2017-16939

Security Advisory Description The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service use-after-free via a crafted SORCVBUF setsockopt system call in conjunction with XFRMMSGGETPOLICY Netlink...

K73705133: Bash vulnerability CVE-2016-7543

Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...

K17503: PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804

Security Advisory Description CVE-2015-7803 A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7804 An uninitialized pointer use flaw was found in the pharmakedirstream function of PHP's Ph...

K000132230: Java SE vulnerability CVE-2023-21835

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily...

K52322100: Authenticated F5 BIG-IP Guided Configuration integrity check in Appliance mode vulnerability CVE-2022-25946

Security Advisory Description When running in Appliance mode, an authenticated attacker with Administrator role privileges may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. CVE-2022-25946 Impact In Appliance mode, an authenticate...

SOL52430518 - PHP vulnerability CVE-2016-6289

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL04253390 - Apache Xerces vulnerability CVE-2016-2099

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL17315 - SNMP vulnerability CVE-2014-3565

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL16946 - Boost memory allocator vulnerability CVE-2012-2677

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL16505 - NTP vulnerability CVE-2015-1798

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL15320 - Apache vulnerability CVE-2014-0098

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. ARX To mitigate th...

K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a...

K97324400: OpenSSL vulnerability CVE-2019-1563

Security Advisory Description In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypt...

K16009: OpenSSH vulnerability CVE-2014-9278

Security Advisory Description The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended...

K07020416: Linux kernel vulnerability CVE-2017-18344

Security Advisory Description The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function called when /proc/$PID/timers is read. This...

K31085564: Spectre SWAPGS gadget vulnerability CVE-2019-1125

Security Advisory Description An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. CVE-2019-1125 also known as Spect...

K04337527: Linux kernel vulnerability CVE-2018-5803

Security Advisory Description In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. CVE-2018-5803 Impact An attacker can...

K17313: PHP vulnerability CVE-2014-4721

Security Advisory Description The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain...

K32512431: Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695

Security Advisory Description CVE-2020-8694 Insufficient access control in the Linux kernel driver for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8695 Observable discrepancy in the RAPL interface for some IntelR...

K13540723: NTP vulnerability CVE-2018-7184

Security Advisory Description ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the...

K00994461: GSON vulnerability CVE-2022-25647

Security Advisory Description The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647 Impact Traffic is disrupted for new client connections. This...

K10269585: Linux kernel vulnerability CVE-2018-20976

Security Advisory Description An issue was discovered in fs/xfs/xfssuper.c in the Linux kernel before 4.18. A use after free exists, related to xfsfsfillsuper failure. CVE-2018-20976 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

K15518610: Multiple OpenJDK vulnerabilities

Security Advisory Description CVE-2016-5546 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable...

K21037322: Multiple MySQL vulnerabilities CVE-2022-21547, CVE-2022-21550, CVE-2022-21553, CVE-2022-21555, CVE-2022-21556

Security Advisory Description CVE-2022-21547 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Federated. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...

K40293611: Oracle Java SE vulnerability CVE-2022-21349

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabili...

Intel CPU vulnerability CVE-2021-0093

Incorrect default permissions in the firmware for some IntelR Processors may allow a privileged user to potentially enable a denial of service via local access. CVE-2021-0093 Impact An attacker may be able to exploit the Intel processor firmware to gain elevated access to resources. The following...

SOL11853211 - Multiple Linux kernel vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL51920288 - OpenSSL vulnerability CVE-2016-2105

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...