6401 matches found
SOL75136237 - Privilege escalation vulnerability CVE-2015-7393
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16835 - ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16477 - Linux kernel vulnerability CVE-2010-2524
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16429 - Linux kernel vulnerability CVE-2015-0239
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
SOL15901 - Apache HTTP server vulnerability CVE-2012-2687
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15595 - Apache Xalan-Java vulnerability CVE-2014-0107
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15328 - OpenSSL vulnerability CVE-2010-5298
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15317 - Linux kernel vulnerability CVE-2014-0101
The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...
SOL13600 - SSH vulnerability CVE-2012-1493
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542
Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures. Although the Configuration utility for F5...
K000148351: PostgreSQL vulnerabilities CVE-2017-15098, CVE-2017-14798, CVE-2016-7048, CVE-2016-5424, and CVE-2016-5423
Security Advisory Description CVE-2017-15098 Invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...
K000141459: Angular JS vulnerabilities CVE-2019-14863 and CVE-2022-25869
Security Advisory Description CVE-2019-14863 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. CVE-2022-2586...
K000140768: OpenSSH vulnerability CVE-2024-7589
Security Advisory Description A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...
K000138353: Quarterly Security Notification (February 2024)
Security Advisory Description On February 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associat...
K000138586: Node.js c-areas vulnerability CVE-2023-31130
Security Advisory Description c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would...
K17235: PCRE library vulnerability CVE-2015-3210
Security Advisory Description Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384. CVE-2015-3210...
K15320518: FasterXML jackson-databind vulnerability CVE-2020-8840
Security Advisory Description In FasterXML jackson-databind 2.0.0 through 2.9.10.2, due to the lack of certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter , attackers can exploit JNDI injections to remotely execute code. FasterXML Jackson is a...
K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535
Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...
K84933088: Linux kernel vulnerability CVE-2019-19338
Security Advisory Description A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by t...
K40752270: Linux kernel vulnerability CVE-2019-15917
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hciuartregisterdev fails in hciuartsetproto in drivers/bluetooth/hcildisc.c. CVE-2019-15917 Impact There is no impact; F5 products are not affected by this vulnerability...
K16443: MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352
Security Advisory Description CVE-2014-9421 The authgssapiunwrapdata function in lib/rpc/authgssapimisc.c in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cau...
K14742: OpenSSH vulnerability CVE-2008-4109
Security Advisory Description A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a...
K17566: NTP vulnerability CVE-2015-7704
Security Advisory Description The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. CVE-2015-7704 Impact An off-path attacker can send a crafted Kiss of Death KoD packet to the client, which...
K24249971: Linux kernel vulnerability CVE-2019-10638
Security Advisory Description In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP. When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash...
K8939: SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K72813580: glibc vulnerabilities CVE-2017-1000408 and CVE-2017-1000409
Security Advisory Description CVE-2017-1000408 A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LDHWCAPMASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-100040...
K27238230: glibc vulnerability CVE-2020-29573
Security Advisory Description sysdeps/i386/ldbl2mpn.c in the GNU C Library aka glibc or libc6 before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...
K17530: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702
Security Advisory Description CVE-2015-7691 The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an...
K65213626: Linux kernel vulnerability CVE-2020-25645
Security Advisory Description A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read...
K75547109: Samba vulnerability CVE-2020-25717
Security Advisory Description A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. CVE-2020-25717 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K35513527: Oracle Java SE vulnerability CVE-2018-2800
Security Advisory Description Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...
K65230547: Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796
Security Advisory Description CVE-2016-5018 In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web...
K10105323: Java Bouncy Castle vulnerability CVE-2015-7940
Security Advisory Description The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve...
K55181425: Wget vulnerability CVE-2016-4971
Security Advisory Description GNU Wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. CVE-2016-4971 Impact An attacker with local access may be able to upload arbitrary files to the system. Security Advisory Status F5...
K04600292: Apache vulnerability CVE-2017-9789
Security Advisory Description When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behavior. CVE-2017-9789 Impact There is no impact; F5 products are not affected by thi...
K70300233: BIG-IP TMUI XSS vulnerability CVE-2022-28707
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility also referred to as the BIG-IP TMUI that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28707 Impact A...
K39604784: BIG-IP system incorrectly forwards VLAN-tagged frames with STP at Pass Through mode
Security Advisory Description The BIG-IP system incorrectly forwards VLAN-tagged frames, even if the VLAN is not defined on the ingress interface, when Spanning Tree Protocol STP is set to Pass Through mode. Note : The following BIG-IP platforms are not affected: BIG-IP 2000s/2200s BIG-IP...
K05137342: Linux kernel vulnerability CVE-2018-1000004
Security Advisory Description In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVE-2018-1000004 Impact There is no impact; F5 products are not affected by this...
K04303225: Intel BIOS vulnerability CVE-2021-0190
Security Advisory Description Uncaught exception in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE-2021-0190 Impact A local attacker logged in as a privileged user can exploit the vulnerability to gain...
K45439210: libxml2 vulnerability CVE-2015-8710
Security Advisory Description The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
K42398544: Linux kernel vulnerability CVE-2018-15471
Security Advisory Description An issue was discovered in xenvifsethashmapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When...
K07933942: Linux kernel vulnerabilities CVE-2020-25668, CVE-2020-25669
Security Advisory Description A flaw was found in Linux Kernel because access to the global variable fgconsole is not properly synchronized leading to a use after free in confontop. CVE-2020-25668 A vulnerability was found in the Linux Kernel where the function sunkbdreinit having been scheduled ...
K30503705: Java SE vulnerability CVE-2018-3180
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows...
K25920352: Intel CPU SRBDS side-channel vulnerability CVE-2020-0543
Security Advisory Description Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 Impact There is no impact; F5 products are not affected by this...
K55121327: GnuPG vulnerability CVE-2018-12020
Security Advisory Description mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example,...
K84341091: Apache2 vulnerability CVE-2019-10081
Security Advisory Description HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplie...
K15910: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687
Security Advisory Description CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c. CVE-2014-3687 The...
K9108: Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K01948202: Linux kernel vulnerability CVE-2016-0728
Security Advisory Description The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via...
Intel CPU vulnerability CVE-2021-0156
Improper input validation in the firmware for some IntelR Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. CVE-2021-0156 Impact An attacker may be able to exploit the Intel processor firmware to gain elevated access to resources. The...