6396 matches found
SOL15638 - Python vulnerability CVE-2013-4238
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15273 - Apache vulnerability CVE-2012-0053
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. ARX To mitigate th...
K000137053: Overview of F5 vulnerabilities (October 2023)
Security Advisory Description Note : F5 is committed to responding quickly to potential vulnerabilities in F5 products. As with all publicly known vulnerabilities, F5 is committed to publishing a response as soon as the vulnerability has been thoroughly investigated. In this case, an external...
K43310520: BIG-IP TMUI vulnerability CVE-2020-5940
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2020-5940 Impact An authenticated attacker may be able to store JavaScript, which i...
K21561554: Linux kernel vulnerability security/apparmor CVE-2019-18814
Security Advisory Description An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in aaauditruleinitin security/apparmor/audit.c. CVE-2019-18814 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
K21531693: libssh2 vulnerability CVE-2016-0787
Security Advisory Description The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...
K61971428: Multiple Java vulnerabilities
Security Advisory Description CVE-2013-5775 Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-5777 Unspecified...
K30404955: Linux kernel vulnerability CVE-2019-5489
Security Advisory Description The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of...
K02553911: Java vulnerabilities CVE-2020-14556, CVE-2020-14583, and CVE-2020-14664
Security Advisory Description CVE-2020-14556 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticate...
K26555255: Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830
Security Advisory Description CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated...
K14613: BIND vulnerability CVE-2013-4854
Security Advisory Description The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial-of-service DoS through a query with a...
K61267093: Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402
Security Advisory Description CVE-2020-6829 When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the...
K41385746: Apache Tomcat vulnerability CVE-2017-5648
Security Advisory Description While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application...
K34425791: Intel processor vulnerabilities CVE-2019-0151, CVE-2019-0152
Security Advisory Description CVE-2019-0151 Insufficient memory protection in IntelR TXT for certain IntelR Core Processors and IntelR XeonR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0152 Insufficient memory protection in Syste...
K15648: PHP vulnerability CVE-2014-2020
Security Advisory Description ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a 1 string or 2 array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string f...
K56231955: RSA Authentication Agent vulnerabilities CVE-2018-1232, CVE-2018-1233, and CVE-2018-1234
Security Advisory Description CVE-2018-1232 RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit...
K32019083: Linux kernel vulnerability CVE-2019-11815
Security Advisory Description An issue was discovered in rdstcpkillsock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. CVE-2019-11815 Impact There is no impact; F5 products are not affected by this...
K10002140: Eclipse Jetty vulnerabilities CVE-2017-7657 and CVE-2017-7658
Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk...
K61223103: Linux kernel vulnerability CVE-2017-9074
Security Advisory Description The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service out-of-bounds read and BUG or possibly have unspecified...
K15526101: Linux kernel vulnerability CVE-2017-8824
Security Advisory Description The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state. CVE-2017-8824 Impact An attacker may...
K13400: SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
Security Advisory Description CVE-2011-3389 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows...
K17382: OpenSSL vulnerability CVE-2010-4252
Security Advisory Description OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in ea...
K47133310: Samba vulnerability CVE-2016-2112
Security Advisory Description The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying...
SOL51025324 - Apache Tomcat 7.x vulnerabilities CVE-2015-5346, CVE-2015-5351, and CVE-2016-0763
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL95698826 - LZO vulnerability CVE-2014-4607
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL53445000 - BIND vulnerability CVE-2015-8704
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL49233165 - Apache Groovy vulnerability CVE-2015-3253
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL51841514 - QEMU vulnerability CVE-2015-6855
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16479 - Linux kernel vulnerability CVE-2009-4537
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL15934 - NTP vulnerability CVE-2014-9293
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL15782 - SQL injection vulnerability CVE-2014-3704
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15329 - SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
K000137326: Apache mod_macro vulnerability CVE-2023-31122
Security Advisory Description Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...
K000133098: Apache vulnerability CVE-2023-25690
Security Advisory Description Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...
K25511825: Linux kernel vulnerabilities CVE-2021-3564, CVE-2021-3573, and CVE-2021-3752
Security Advisory Description CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kerne...
K54082580: BIG-IP CGNAT LSN vulnerability CVE-2022-26517
Security Advisory Description When the BIG-IP CGNAT Large Scale NAT LSN pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-26517 For more information about packet filters, refer to th...
K42454663: PHP vulnerability CVE-2015-8874
Security Advisory Description Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.CVE-2015-8874 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status ...
K00303143: Apache Tomcat vulnerability CVE-2022-34305
Security Advisory Description In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. CVE-2022-34305 Impact A...
K9107: OpenSSH vulnerability CVE-2008-1483
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...
K14445: Linux kernel vulnerability CVE-2013-2094
Security Advisory Description The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type. CVE-2013-2094 Impact Local users may be able to gain privileges through a crafted perfeventopen system call. Security Advisory Status F5 Product...
K54095660: Linux kernel vulnerability CVE-2016-9555
Security Advisory Description The sctpsfootb function in net/sctp/smstatefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service out-of-bounds slab access or possibly have unspecified other impact via...
K32562936: Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512
Security Advisory Description CVE-2020-24511 Improper isolation of shared resources in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-24512 Observable timing discrepancy in some IntelR Processors may allow an...
K31501591: QEMU vulnerability CVE-2017-15118
Security Advisory Description A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu...
K04367730: FRF.16 parser vulnerability CVE-2018-14468
Security Advisory Description The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfrprint. CVE-2018-14468 Impact When tcpdump is active and configured to parse FRF.16 traffic, certain traffic patterns may trigger a crash or other unexpected behavior of the tcpdump...
K08006936: Apache Commons Configuration vulnerability CVE-2022-33980
Security Advisory Description Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of...
K51025656: Linux kernel vulnerability CVE-2016-10229
Security Advisory Description udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag. CVE-2016-10229 Impact There is no impact; F5...
K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This...
K17011311: NodeJS vulnerability CVE-2022-35256
Security Advisory Description The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. CVE-2022-35256 Impact There is no impact; F5 products are not affected by this vulnerability...
K46859523: Multiple Java vulnerabilities
Security Advisory Description CVE-2022-21618 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily...