Intel CPU vulnerabilities CVE-2021-0107 and CVE-2021-0111

CVE-2021-0107 Unchecked return value in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0111 NULL pointer dereference in the firmware for some IntelR Processors may allow a privileged user to potentially...

sudo vulnerability CVE-2017-1000367

F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...

SOL35232053 - PHP vulnerability CVE-2016-7125

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL41739114 - Linux kernel vulnerability CVE-2014-6410

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL16392 - NTP vulnerability CVE-2014-9750

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL16123 - OpenSSL vulnerability CVE-2014-3571

The SOD process is only vulnerable if the failover.secure database variable is enabled; the database variable is disabled by default. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to th...

SOL15751 - OpenSSH vulnerability CVE-2007-0726

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

SOL3284 - Buffer overflows in stub resolver libraries - CAN-2002-0029

The vulnerability described in this article has been resolved, or does not affect any F5 products. There will be no further updates, unless new information is discovered...

K000138586: Node.js c-areas vulnerability CVE-2023-31130

Security Advisory Description c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would...

K000138392: Apache Tomcat vulnerability CVE-2024-21733

Security Advisory Description Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which...

K000137106: HTTP/2 vulnerability CVE-2023-44487

Security Advisory Description The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 also known as HTTP/2 Rapid Reset Attack Impact BIG-IP and...

K17246: Linux kernel vulnerability CVE-2015-3636

Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service use-after-free and system crash by...

K95432245: PHP vulnerability CVE-2016-5768

Security Advisory Description Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application...

K14335949: Intel processors vulnerability CVE-2022-24436

Security Advisory Description Observable behavioral in power management throttling for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via network access. CVE-2022-24436 also known as hertzbleed Impact Successful exploitation of this vulnerabili...

K54811521: Linux kernel vulnerabilities CVE-2019-14815, CVE-2019-14895, CVE-2019-14901, CVE-2019-19055

Security Advisory Description CVE-2019-14815 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiexsetwmmparams function of Marvell Wifi Driver. CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18....

K11546763: Linux kernel vulnerability CVE-2021-3653

Security Advisory Description A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this...

K84933088: Linux kernel vulnerability CVE-2019-19338

Security Advisory Description A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by t...

K14201: BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244

Security Advisory Description A vulnerability exists in the BIND DNS server process that may allow a remote attacker to initiate a denial-of-service DoS attack against the DNS service. Impact DNS services may be unavailable and cause a failure in DNS resolution. Security Advisory Status F5 Produc...

K14742: OpenSSH vulnerability CVE-2008-4109

Security Advisory Description A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a...

K68120526: Linux kernel vulnerability CVE-2022-0742

Security Advisory Description Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. CVE-2022-0742 Impact Ther...

K17061: Multiple PHP vulnerabilities

Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...

K72813580: glibc vulnerabilities CVE-2017-1000408 and CVE-2017-1000409

Security Advisory Description CVE-2017-1000408 A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LDHWCAPMASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-100040...

K8106: OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K71960814: OpenSSH vulnerability CVE-2016-1908

Security Advisory Description The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by...

K24324390: OpenSSH vulnerability CVE-2016-10011

Security Advisory Description authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. CVE-2016-10011 Impact...

K27238230: glibc vulnerability CVE-2020-29573

Security Advisory Description sysdeps/i386/ldbl2mpn.c in the GNU C Library aka glibc or libc6 before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...

K17530: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702

Security Advisory Description CVE-2015-7691 The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an...

K65213626: Linux kernel vulnerability CVE-2020-25645

Security Advisory Description A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read...

K56715231: TMM buffer-overflow vulnerability CVE-2021-22991

Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel TMM URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...

K68562154: MySQL vulnerability CVE-2005-0004

Security Advisory Description The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. CVE-2005-0004 Impact There ...

K82508682: Linux kernel vulnerability CVE-2017-6074

Security Advisory Description The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an applicatio...

K75547109: Samba vulnerability CVE-2020-25717

Security Advisory Description A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. CVE-2020-25717 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

K18684657: QEMU 4.2.0 vulnerability CVE-2020-7039

Security Advisory Description tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMUIRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code...

K16122: Linux kernel vulnerability CVE-2014-9322

Security Advisory Description arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment SS segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address...

K44923228: Oracle Java SE vulnerability CVE-2018-2783

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows...

K35513527: Oracle Java SE vulnerability CVE-2018-2800

Security Advisory Description Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...

K04600292: Apache vulnerability CVE-2017-9789

Security Advisory Description When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behavior. CVE-2017-9789 Impact There is no impact; F5 products are not affected by thi...

K39604784: BIG-IP system incorrectly forwards VLAN-tagged frames with STP at Pass Through mode

Security Advisory Description The BIG-IP system incorrectly forwards VLAN-tagged frames, even if the VLAN is not defined on the ingress interface, when Spanning Tree Protocol STP is set to Pass Through mode. Note : The following BIG-IP platforms are not affected: BIG-IP 2000s/2200s BIG-IP...

K22526232: Multiple Intel software vulnerabilities

Security Advisory Description CVE-2019-14629 INTEL-SA-00332 Improper access control in driver for IntelR VTuneTM Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14615 INTEL-SA-00314 Insufficient control...

K05137342: Linux kernel vulnerability CVE-2018-1000004

Security Advisory Description In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVE-2018-1000004 Impact There is no impact; F5 products are not affected by this...

K04303225: Intel BIOS vulnerability CVE-2021-0190

Security Advisory Description Uncaught exception in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE-2021-0190 Impact A local attacker logged in as a privileged user can exploit the vulnerability to gain...

K56213806: Intel SSD INTEL-SA-00563 vulnerabilities

Security Advisory Description CVE-2021-33069 Improper resource shutdown or release in firmware for some IntelR SSD, IntelR SSD DC, IntelR OptaneTM SSD and IntelR OptaneTM SSD DC may allow a privileged user to potentially enable denial of service via local access. CVE-2021-33074 Protection mechani...

K32051722: Apache Tomcat vulnerability CVE-2018-1305

Security Advisory Description Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL...

K55121327: GnuPG vulnerability CVE-2018-12020

Security Advisory Description mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example,...

K51484039: PHP 'snmp.c' remote format string vulnerability CVE-2016-4071

Security Advisory Description Format string vulnerability in the phpsnmperror function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. CVE-2016-4071 Impact There...

K15910: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687

Security Advisory Description CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c. CVE-2014-3687 The...

K44942017: NTP vulnerability CVE-2014-5209

Security Advisory Description An Information Disclosure vulnerability exists in NTP 4.2.7p25 private mode 6/7 messages via a GETRESTRICT control message, which could let a malicious user obtain sensitive information. CVE-2014-5209 Impact An attacker may be able to prompt the network time protocol...

K49229034: Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077

Security Advisory Description CVE-2014-9680 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as...

K01948202: Linux kernel vulnerability CVE-2016-0728

Security Advisory Description The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via...

K31026324: Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104

Security Advisory Description CVE-2015-2925 The prependpath function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a...