6361 matches found
SOL16471 - Linux kernel vulnerability CVE-2010-0415
Note: As of February 17, 2005, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL15868 - Multiple Wireshark vulnerabilities
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...
SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL12853 - OpenSSL vulnerability CVE-2008-7270
F5 Product Development has determined that these specific product versions are not vulnerable to the OpenSSL session cache issue indicated by CVE-2008-7270. While these product versions may allow a client to change the ciphersuite on a subsequent connection, the system allows the client to change...
K000140784: Apache HTTPD vulnerability CVE-2024-38477
Security Advisory Description null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-38477 Impact Attackers can exploit this...
K17246: Linux kernel vulnerability CVE-2015-3636
Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service use-after-free and system crash by...
K34985231: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289
Security Advisory Description CVE-2016-6288 The phpurlparseex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via vectors involving the smartstr data type. CVE-2016-6289 Integer...
K15699: Linux kernel vulnerability CVE-2014-0131
Security Advisory Description Use-after-free vulnerability in the skbsegment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-0131 Impact...
K08250500: Nginx vulnerability CVE-2016-4450
Security Advisory Description os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...
K89095152: PHP vulnerability CVE-2018-17082
Security Advisory Description The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in...
K14335949: Intel processors vulnerability CVE-2022-24436
Security Advisory Description Observable behavioral in power management throttling for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via network access. CVE-2022-24436 also known as hertzbleed Impact Successful exploitation of this vulnerabili...
K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...
K01934914: Ruby-MySQL vulnerability CVE-2021-3779
Security Advisory Description A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. CVE-2021-3779 Impact There is no impact; F5 products are...
K35253541: Java vulnerability CVE-2020-14797
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker...
K15317908: Apache mod_cluster vulnerability CVE-2016-8612
Security Advisory Description Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. CVE-2016-8612 Impact There is no impact; F5...
K72453266: Linux kernel vulnerability CVE-2013-2164
Security Advisory Description The mmcioctlcdromreaddata function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2013-2164 Impact There is no impact; F5...
K38624343: MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780
Security Advisory Description CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...
K10772: Linux NULL pointer dereference vulnerability - CVE-2009-2692
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K17061: Multiple PHP vulnerabilities
Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...
K28409184: Mozilla NSS vulnerability CVE-2020-12413
Security Advisory Description The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. CVE-2020-12413 Impact This can lead to an attacker being able to compute the pre-master secret i...
K35012672: PHP vulnerability CVE-2014-9705
Security Advisory Description Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...
K08641512: glibc vulnerability CVE-2020-27618
Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in...
K04265252: MySQL vulnerabilities CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, and CVE-2019-2528
Security Advisory Description CVE-2019-2502 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K23125024: MySQL vulnerabilities CVE-2019-2791, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, and CVE-2019-2798
Security Advisory Description CVE-2019-2791 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with networ...
K82508682: Linux kernel vulnerability CVE-2017-6074
Security Advisory Description The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an applicatio...
K61429540: Linux kernel vulnerability CVE-2017-9077
Security Advisory Description The tcpv6synrecvsock function in net/ipv6/tcpipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...
K44512851: OpenSSL vulnerability CVE-2017-3732
Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...
K01955184: Python smtplib library vulnerability CVE-2016-0772
Security Advisory Description The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the...
K03674368: Linux kernel vulnerability CVE-2021-3715
Security Advisory Description A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate the...
K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022
Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. CVE-2021-23022 Impact This vulnerability can be exploited to allow an unprivileged user to run a specially crafted application to gain privilege escalation on th...
K29154575: ImageMagick vulnerability CVE-2016-3717
Security Advisory Description The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...
K22526232: Multiple Intel software vulnerabilities
Security Advisory Description CVE-2019-14629 INTEL-SA-00332 Improper access control in driver for IntelR VTuneTM Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14615 INTEL-SA-00314 Insufficient control...
K05345625: Linux kernel vulnerability CVE-2018-10872
Security Advisory Description A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first...
K01311313: Linux kernel vulnerability CVE-2021-3612
Security Advisory Description An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the...
K11165942: Linux kernel vulnerability CVE-2018-18710
Security Advisory Description An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...
K14845276: OpenSSH vulnerability CVE-2016-6210
Security Advisory Description When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password. CVE-2016-6210 Impact This...
K62178133: Linux kernel vulnerability CVE-2017-14106
Security Advisory Description The tcpdisconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service tcpselectwindow divide-by-zero error and system crash by triggering a disconnect within a certain tcprecvmsg code path. CVE-2017-14106 Impact ...
K82896488: Cyrus SASL vulnerability CVE-2022-24407
Security Advisory Description In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407 Impact Failure to properly escape SQL input allows an attacker to run arbitrary SQL commands. Security Advisory Status F...
K53092542: Linux kernel vulnerability CVE-2021-20226
Security Advisory Description A use-after-free flaw was found in the iouring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations ...
K12543: OpenSSL vulnerability CVE-2010-4180
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K15679: UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860
Security Advisory Description CVE-2014-4859 During the Drive Execution Environment DXE phase of the UEFI boot process, the contents of the capsule image are parsed during processing. An integer overflow vulnerability exists in the capsule processing phase that can cause the allocation of a buffer...
K16898: PKCS #7 vulnerability CVE-2015-1790
Security Advisory Description The PKCS7dataDecodefunction in crypto/pkcs7/pk7doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PKCS7 blob tha...
K70517410: The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session
Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP ASM cross-site request forgery CSRF protection feature is enabled in a security policy. The CSRF token CSRT expiration time is disabled by default in the security policy. The original web serv...
K31301245: TMUI CSRF vulnerability CVE-2020-5904
Security Advisory Description A cross-site request forgery CSRF vulnerability in the Traffic Management User Interface TMUI, also referred to as the Configuration utility, exists in an undisclosed page. CVE-2020-5904 Impact An attacker may be able to use the session of an administrator user to...
K21462542: OpenSSL vulnerability CVE-2017-3735
Security Advisory Description While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then...
K36462841: Linux kernel vulnerability CVE-2018-18281
Security Advisory Description Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that...
Intel CPU vulnerabilities CVE-2021-0107 and CVE-2021-0111
CVE-2021-0107 Unchecked return value in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0111 NULL pointer dereference in the firmware for some IntelR Processors may allow a privileged user to potentially...
SOL43167094 - Apache Struts 2 vulnerability CVE-2016-6795
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL35240323 - PHP Vulnerability CVE-2016-4539
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL10550253 - ImageMagick vulnerability CVE-2016-3715
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...