6396 matches found
K04367730: FRF.16 parser vulnerability CVE-2018-14468
Security Advisory Description The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfrprint. CVE-2018-14468 Impact When tcpdump is active and configured to parse FRF.16 traffic, certain traffic patterns may trigger a crash or other unexpected behavior of the tcpdump...
K08006936: Apache Commons Configuration vulnerability CVE-2022-33980
Security Advisory Description Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of...
K51025656: Linux kernel vulnerability CVE-2016-10229
Security Advisory Description udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag. CVE-2016-10229 Impact There is no impact; F5...
K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This...
K17011311: NodeJS vulnerability CVE-2022-35256
Security Advisory Description The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. CVE-2022-35256 Impact There is no impact; F5 products are not affected by this vulnerability...
K09604370: Linux kernel vulnerability CVE-2020-25705
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this...
K86005324: Samba vulnerability CVE-2016-2124
Security Advisory Description A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. CVE-2016-2124 Impact There is no impact; F5 products are not affecte...
K44270253: OpenJDK vulnerabilities CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, and CVE-2022-21299
Security Advisory Description CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and...
K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...
K49711130: OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407
Security Advisory Description Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention.' CVE-2018-5407 also known as PortSmash Impact The vulnerability allows an attacker who can...
K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
Security Advisory Description When running in Appliance mode with Advanced WAF or ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-22989 Note : For...
K32592426: Linux kernel vulnerability CVE-2019-15538
Security Advisory Description An issue was discovered in xfssetattrnonsize in fs/xfs/xfsiops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfssetattrnonsize is failing to unlock the ILOCK after the xfsqmvopchownreserve call...
K41913011: Java SE vulnerabilities CVE-2019-2973 and CVE-2019-2981
Security Advisory Description CVE-2019-2973 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated...
K52828640: libcurl vulnerability CVE-2016-8616
Security Advisory Description A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that...
K14200143: Linux kernel vulnerability CVE-2019-19058
Security Advisory Description A memory leak in the allocsgtable function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering allocpage failures, aka CID-b4b814fec1a5. CVE-2019-19058 Impact...
K74251611: Linux kernel vulnerability CVE-2021-38166
Security Advisory Description In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAPSYSADMIN capability. CVE-2021-38166 Impact An...
K53252134: Intel BIOS vulnerability CVE-2021-0155
Security Advisory Description Unchecked return value in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0155 Impact A local attacker logged-in as a privileged user can exploit the vulnerability to gai...
K80513384: Apache HTTPD vulnerability CVE-2016-5387
Security Advisory Description The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outboun...
SOL32460441 - OpenSSL vulnerabilities CVE-2016-7053 and CVE-2016-7054
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL23512141 - OpenSSL vulnerability CVE-2016-2179
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL95432245 - PHP vulnerability CVE-2016-5768
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL75248350 - QEMU vulnerability CVE-2016-1714
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL79401162 - Samba vulnerabilities CVE-2016-2111, CVE-2016-2113, and CVE-2016-2114
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL20979231 - Apache vulnerability CVE-2011-3639
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16909 - BIND vulnerability CVE-2015-5477
1These versions are vulnerable if a self IP address or management IP address is configured to allow inbound connections on port 53. 2These versions are vulnerable if a DNS profile is configured with the Use BIND Server on BIG-IP option enabled by default. 3These versions are vulnerable if...
SOL16866 - PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868
CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. Â CVE-2015-1868 The label...
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16475 - Multiple Sun Java vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
SOL8578 - Security Advisory: BIND buffer overflow in inet_network CVE-2008-0122
An off-by-one error in the inetnetwork function in libbind could lead to memory corruption with certain inputs. libbind has a vulnerability in the inetnetwork API. However, this API is not used by any F5 products that use the affected version of BIND. Information about this advisory is available ...
SOL4743 - Inadequate validation for TCP segments CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...
SOL1648 - OpenSSH array overflow - CAN-2002-0083
Note: By default, BIG-IP and 3-DNS do not have non-root accounts so this vulnerability is not a significant issue for F5 Networks customers. This vulnerability requires that the user already be authenticated on the BIG-IP system in order to assume root access...
K000139525: Libexpat vulnerability CVE-2022-43680
Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680 Impact System performance degradation can occur until the process is forced to restart...
K000139764: Apache HTTPD vulnerability CVE-2023-38709
Security Advisory Description Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. CVE-2023-38709 Impact This vulnerability allows malicious or exploitable...
K000139218: CVE-2024-22243 Spring Framework vulnerability
Security Advisory Description Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to...
K42332834: NTP vulnerability CVE-2018-12327
Security Advisory Description Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any...
K82112489: GNOME GLib vulnerability CVE-2021-27219
Security Advisory Description An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVE-2021-27219...
K04755144: Multiple QEMU vulnerabilities
Security Advisory Description CVE-2015-8613 Stack-based buffer overflow in the megasasctrlgetinfo function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service QEMU instance crash via a crafted SCSI controller CTRLGETINFO command...
K17848347: Oracle Java vulnerabilities CVE-2019-2422, CVE-2019-2449, and CVE-2019-2540
Security Advisory Description CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with...
K38573130: Apache Tomcat vulnerability CVE-2020-13934
Security Advisory Description An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading...
K63519101: Multiple QEMU vulnerabilities
Security Advisory Description CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for...
K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325
Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...
K05428062: pcregrep in PCRE vulnerability CVE-2015-8393
Security Advisory Description pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. CVE-2015-8393 Impact A local,...
K68562154: MySQL vulnerability CVE-2005-0004
Security Advisory Description The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. CVE-2005-0004 Impact There ...
K56331254: Apache HTTP server vulnerability CVE-2021-41524
Security Advisory Description While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No...
K48523069: System Security Services Daemon vulnerability CVE-2015-5292
Security Advisory Description Memory leak in the Privilege Attribute Certificate PAC responder plugin sssdpacplugin.so in System Security Services Daemon SSSD 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service memory consumption via a large number of logins that...
K30363030: PHP vulnerability CVE-2016-5771
Security Advisory Description splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and...
K02613439: Linux kernel vulnerability CVE-2017-9076
Security Advisory Description The dccpv6requestrecvsock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...
K51048910: Eclipse Jetty vulnerability CVE-2021-28169
Security Advisory Description For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the...
K91084571: PHP vulnerability CVE-2015-8873
Security Advisory Description Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls. CVE-2015-8873 Impact An authenticated...
K12092991: Linux Kernel vulnerability CVE-2020-35519
Security Advisory Description An out-of-bounds OOB memory access flaw was found in x25bind in net/x25/afx25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash o...