6392 matches found
SOL17541 - Linux kernel vulnerability CVE-2015-2150
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17237 - Linux kernel vulnerability CVE-2014-7822
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16122 - Linux kernel vulnerability CVE-2014-9322
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16011 - Linux kernel vulnerability CVE-2012-6657
The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service system crash by leveraging the ability to create a raw socket. CVE-2012-6657...
SOL14574 - PHP vulnerability CVE-2012-1172
PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a...
SOL14445 - Linux kernel vulnerability CVE-2013-2094
Vulnerability Recommended Actions To mitigate this vulnerability, you can enable Appliance mode for vulnerable BIG-IP versions. For information about Appliance mode, refer to the following article: Impact of action: Appliance mode is designed to meet the needs of customers in especially sensitive...
SOL13660 - BIND vulnerability CVE-2012-1667
BIG-IP 9.4.8 HF6 contains a patch backported from BIND 9.6 to BIND 9.4. However, the BIND version string was not updated to indicate a change was made. Recommended Action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the...
SOL4583 - Insufficient validation of ICMP error messages - VU#222750 / CVE-2004-0790
This vulnerability describes the use of spoofed ICMP packets to affect existing TCP connections. An attacker could cause a TCP connection to be closed or slowed by interfering with the Path MTU Discovery process or by generating one of the following spoofed ICMP messages: Destination unreachable...
K93951507: Multiple Samba vulnerabilities
Security Advisory Description CVE-2020-1472 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC, aka 'Netlogon Elevation of Privilege Vulnerability'...
K16009: OpenSSH vulnerability CVE-2014-9278
Security Advisory Description The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended...
K16993: PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
Security Advisory Description CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...
K16350: Samba vulnerability CVE-2015-0240
Security Advisory Description The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code...
K28464509: PHP vulnerability CVE-2018-7584
Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in...
K18364001: Node.js vulnerability CVE-2017-15896
Security Advisory Description Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...
K55102004: BIG-IP Edge Client for Windows vulnerability CVE-2020-5855
Security Advisory Description When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass...
K48355112: PHP vulnerability CVE-2018-10549
Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a fin...
K00994461: GSON vulnerability CVE-2022-25647
Security Advisory Description The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647 Impact Traffic is disrupted for new client connections. This...
K15004519: NFS vulnerability CVE-2017-7895
Security Advisory Description The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to...
K31530542: PHP vulnerabilities CVE-2007-1777, CVE-2007-3997, CVE-2007-4657, CVE-2008-3658, and CVE-2008-3659
Security Advisory Description CVE-2007-1777 Integer overflow in the zipreadentry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call,...
K07560020: Linux kernel vulnerabilities CVE-2015-7884, CVE-2015-7885, CVE-2015-8543, CVE-2015-8569, and CVE-2015-8660
Security Advisory Description CVE-2015-7884 The vividfbioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application...
K30291321: The attack signature check may fail to detect and block illegal requests for a case-insensitive policy
Security Advisory Description The web application firewall attack signature check may fail to detect and block illegal requests. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall products: Advanced WAF or BIG-IP ASM 11.6.0 ...
Intel CPU vulnerability CVE-2021-0093
Incorrect default permissions in the firmware for some IntelR Processors may allow a privileged user to potentially enable a denial of service via local access. CVE-2021-0093 Impact An attacker may be able to exploit the Intel processor firmware to gain elevated access to resources. The following...
SOL04253390 - Apache Xerces vulnerability CVE-2016-2099
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL20145801 - Mozilla NSS vulnerability CVE-2016-1979
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17551 - Linux kernel vulnerability CVE-2014-9419
Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit...
SOL16898 - PKCS #7 vulnerability CVE-2015-1790
The BIG-IP data plane is not vulnerable to this CVE. The control plane is only vulnerable when a locally authenticated attacker uses the OpenSSL command line tool. While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged with the...
SOL16334 - Apache Struts vulnerability CVE-2013-4316
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15680 - Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
K000138651: c-ares vulnerability CVE-2022-4904
Security Advisory Description A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrit...
K54207009: Apache mod_remoteip vulnerability CVE-2019-10097
Security Advisory Description In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only...
K15311661: NodeJS vulnerability CVE-2016-2086
Security Advisory Description Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact An attacker may be able to perform HTTP reques...
K5533: Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...
K28622040: Python vulnerability CVE-2019-9948
Security Advisory Description urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call. CVE-2019-9948 Impac...
K51440224: PCRE vulnerability CVE-2016-3191
Security Advisory Description The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a...
K51512510: tcpdump vulnerability CVE-2018-14879
Security Advisory Description The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:getnextfile. CVE-2018-14879 Impact A local attacker may be able to corrupt data, run arbitrary code, or cause the program to terminate. Security Advisory Status F5 Product...
K16881: OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004
Security Advisory Description Description CVE-2015-4001 Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service system crash or possibly execute arbitrary...
K80996302: Multiple NTP vulnerabilities
Security Advisory Description CVE-2016-7427 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service reject broadcast mode packets via a crafted broadcast mode packet. CVE-2016-7428 ntpd in NTP before 4.2.8p9 allows remo...
K18015201: Linux kernel vulnerability CVE-2017-2636
Security Advisory Description Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline. CVE-2017-2636 Impact This vulnerability may allow locally authenticated users ...
K69309752: Apache HTTPD vulnerability CVE-2022-30556
Security Advisory Description Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer. CVE-2022-30556 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K22148713: BIND vulnerability CVE-1999-0184
Security Advisory Description When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. CVE-1999-0184 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K17313: PHP vulnerability CVE-2014-4721
Security Advisory Description The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain...
K32512431: Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695
Security Advisory Description CVE-2020-8694 Insufficient access control in the Linux kernel driver for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8695 Observable discrepancy in the RAPL interface for some IntelR...
K13540723: NTP vulnerability CVE-2018-7184
Security Advisory Description ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the...
K04734219: Red Hat JBoss vulnerability CVE-2015-7501
Security Advisory Description Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform...
K75521602: MySQL vulnerability CVE-2022-21444
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...
K14760551: Multiple libwebp vulnerabilities
Security Advisory Description CVE-2018-25009 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2018-25010 A flaw was...
K10269585: Linux kernel vulnerability CVE-2018-20976
Security Advisory Description An issue was discovered in fs/xfs/xfssuper.c in the Linux kernel before 4.18. A use after free exists, related to xfsfsfillsuper failure. CVE-2018-20976 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K73648110: Apache Tomcat vulnerability CVE-2021-25329
Security Advisory Description The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to...
K52379673: Linux kernel vulnerability for CVE-2021-4083
Security Advisory Description A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system o...
K81158013: Linux kernel vulnerability CVE-2017-16939
Security Advisory Description The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service use-after-free via a crafted SORCVBUF setsockopt system call in conjunction with XFRMMSGGETPOLICY Netlink...