6401 matches found
SOL16983 - PCRE library vulnerability CVE-2015-2325
Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the...
SOL16833 - Linux vulnerability CVE-2014-7826
kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted application. CVE-2014-7826...
SOL15568 - OpenSSL vulnerability CVE-2014-3510
Recommended Action You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the previous table. If the Versions known to be not vulnerable column does not list a version that is later than the version you are running, then no upgrade...
SOL15133 - BIND vulnerability CVE-2014-0591
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL13277 - Apache vulnerability CVE-2009-2412
Recommended action ARX To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column of the table. To mitigate this vulnerability, do not enable access to the ARX management API. Supplemental Information Note: The previous link takes you to...
SOL13108 - TCP Packet Filtering Weakness - CERT VU # 464113
This security advisory describes a TCP vulnerability. Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. For example, an attacker may be able to bypass network acce...
SOL9988 - libpng vulnerability CVE-2009-0040
Description The PNG reference library libpng, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code by way of a crafted PNG file. Information about this advisory is available at the followin...
SOL7923 - Cross-site scripting vulnerability in the logon page after enabling a pre-logon sequence - CVE-2007-6704
A cross-site scripting XSS vulnerability—CVE-2007-6704—exists in the FirePass logon page when a pre-logon sequence is enabled. The affected FirePass URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages,...
K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717
Security Advisory Description CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...
K15217245: Oracle Java SE vulnerability CVE-2018-2815
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability...
K86772626: OpenSSL vulnerability CVE-2015-3194
Security Advisory Description crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an RSA PSS ASN.1 signature that lacks a mask generation function parameter...
K30714460: OpenSSL vulnerability CVE-2015-3193
Security Advisory Description The Montgomery squaring implementation in crypto/bn/asm/x8664-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x8664 platform, as used by the BNmodexp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to...
K59010802: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2015-4730 Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. CVE-2015-4792 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and...
K16965: bzip2 vulnerabilities CVE-2005-0953 and CVE-2005-1260
Security Advisory Description CVE-2005-0953 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...
K06208063: Linux kernel vulnerability CVE-2018-1000004
Security Advisory Description In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVE-2018-1000004 Impact There is no impact; F5 products are not affected by this...
K37046163: Kernel vulnerability CVE-2016-6480
Security Advisory Description Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service out-of-bounds access or system crash by changing a certain size value, aka a "double fetch" vulnerability...
K69488451: Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863
Security Advisory Description CVE-2020-13791 hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. CVE-2020-13800 ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite...
K54811521: Linux kernel vulnerabilities CVE-2019-14815, CVE-2019-14895, CVE-2019-14901, CVE-2019-19055
Security Advisory Description CVE-2019-14815 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiexsetwmmparams function of Marvell Wifi Driver. CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18....
K51201255: Linux kernel vulnerability CVE-2016-7117
Security Advisory Description Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. CVE-2016-7117 Impact...
K62282045: Linux kernel vulnerability CVE-2021-38207
Security Advisory Description drivers/net/ethernet/xilinx/lltemacmain.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service buffer overflow and lockup by sending heavy network traffic for about ten minutes. CVE-2021-38207 Impact There is no impact; F5 products...
K21458044: Linux kernel vulnerability CVE-2020-10942
Security Advisory Description In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls. CVE-2020-10942 Impact There is no impact; F5 products are not affecte...
K14086714: BIND vulnerability CVE-2022-1183
Security Advisory Description On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS...
K09422508: OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308
Security Advisory Description CVE-2016-6307 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to...
K95003704: Java SE vulnerability CVE-2018-3183
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Scripting. Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows...
K51801290: RSRE Variant 3a vulnerability CVE-2018-3640
Security Advisory Description Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Rea...
K13322484: libssh2 vulnerability CVE-2019-13115
Security Advisory Description In libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose...
K07052904: PHP vulnerability CVE-2015-3307
Security Advisory Description The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...
K84310302: Linux kernel vulnerability CVE-2019-12456
Security Advisory Description DISPUTED An issue was discovered in the MPT3COMMAND case in ctlioctlmain in drivers/scsi/mpt3sas/mpt3sasctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of...
K13219: DHCP Client vulnerability CVE-2011-0997
Security Advisory Description The ISC Dynamic Host Configuration Protocol DHCP client, dhclient , in versions 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands by way of shell metacharacters in a...
K21125762: The BIG-IP CFE logs sensitive Azure storage account credentials
Security Advisory Description The BIG-IP Cloud Failover Extension CFE logs sensitive Azure storage account credentials in /var/log/restnoded/restnoded.log. This issue occurs when all of the following conditions are met: You configure the CFE to provide failover functionality for your BIG-IP syste...
K8077: BIND 8 vulnerability CVE-2007-2930
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K34341852: Apache Tomcat 6.x vulnerability CVE-2015-5345
Security Advisory Description The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via...
K6623: OpenSSL signature vulnerability - CVE-2006-4339
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...
K55354030: OpenJDK vulnerabilities CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-2432
Security Advisory Description CVE-2021-2341 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0...
K37080719: NGINX Instance Manager vulnerability CVE-2022-35241
Security Advisory Description When NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. CVE-2022-35241 Impact System performance can degrade until system inodes become free. This vulnerability allows a remote, authenticated attacker to cause a...
K01512680: Linux kernel vulnerability CVE-2019-11811
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmisi module is removed, related to drivers/char/ipmi/ipmisiintf.c, drivers/char/ipmi/ipmisimemio.c, and...
K16321: OpenSSL vulnerability CVE-2015-0293
Security Advisory Description The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message. CVE-2015-0293...
K11936401: Java SE vulnerability CVE-2017-10102
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with...
K42117350: Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities
Security Advisory Description In May 2019, Intel announced the discovery of multiple vulnerabilities with Intel technology. To review Intel-SA-00213, the complete announcement, refer to the following link: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT 2019.1 QSR Advisory Note : The...
K53084033: OpenSSL vulnerability CVE-2016-2178
Security Advisory Description The dsasignsetup function in crypto/dsa/dsaossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. CVE-2016-2178 Impact An...
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
Security Advisory Description The iControl REST interface has an unauthenticated remote command execution vulnerability. CVE-2021-22986 Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and se...
K34239812: Libexpat vulnerability CVE-2019-15903
Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. CVE-2019-15903...
K15605622: MySQL vulnerability CVE-2016-6664
Security Advisory Description mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and...
K45213552: cups-filters vulnerabilities CVE-2015-8327 and CVE-2015-8560
Security Advisory Description CVE-2015-8327 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job. CVE-2015-8560...
K04253390: Apache Xerces vulnerability CVE-2016-2099
Security Advisory Description Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an...
K05441360: Oracle Java SE vulnerability CVE-2018-2797
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...
K76295179: Linux kernel vulnerability CVE-2019-15099
Security Advisory Description drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. CVE-2019-15099 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K04623854: Apache Tomcat vulnerability CVE-2018-1304
Security Advisory Description The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the...
K01988340: HTTP/2 Reset Flood vulnerability CVE-2019-9514
Security Advisory Description Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on...
K80311892: InfoZIP vulnerability CVE-2019-13232
Security Advisory Description Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a "better zip bomb" issue. CVE-2019-13232 Impact Local users with administrative access to the BIG-IP Advanced Shell bash may be able...