6294 matches found

F5 Networks • added 2023/02/21 6:54 p.m. • 55 views

K41242221: QEMU vulnerability CVE-2017-2615

Security Advisory Description Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU...

CVSS 9.1 • AI score 8.1 • EPSS 0.03678 • Exploits 0

F5 Networks • added 2023/02/21 6:53 p.m. • 55 views

K63326092: NTP vulnerability CVE-2016-7434

Security Advisory Description The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. CVE-2016-7434 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

CVSS 7.5 • AI score 6.5 • EPSS 0.52935 • Exploits 7

F5 Networks • added 2023/02/21 6:53 p.m. • 55 views

K55672042: Linux kernel vulnerability CVE-2016-4470

Security Advisory Description The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2...

CVSS 5.5 • AI score 6 • EPSS 0.00587 • Exploits 0 • Affected Software 24

F5 Networks • added 2023/02/21 6:53 p.m. • 55 views

K00103182: Oniguruma vulnerability CVE-2019-13224

Security Advisory Description A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and...

CVSS 9.8 • AI score 7.5 • EPSS 0.04047 • Exploits 0

F5 Networks • added 2023/02/21 6:48 p.m. • 55 views

K91125274: RubyGems vulnerability CVE-2017-0903

Security Advisory Description RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code...

CVSS 9.8 • AI score 8.8 • EPSS 0.15853 • Exploits 1

F5 Networks • added 2023/02/21 6:47 p.m. • 55 views

K32615023: Linux kernel vulnerability CVE-2022-2588

Security Advisory Description It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588 Impact This flaw allows a local user to cause a denial-of-service (DoS) on the...

CVSS 7.8 • AI score 7 • EPSS 0.06863 • Exploits 7 • Affected Software 3

F5 Networks • added 2023/02/21 6:46 p.m. • 55 views

K21430012: Linux kernel vulnerability CVE-2018-16884

Security Advisory Description A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host...

CVSS 8 • AI score 6.8 • EPSS 0.01455 • Exploits 0

F5 Networks • added 2023/02/21 6:46 p.m. • 55 views

K14229426: BIG-IP SSL vulnerability CVE-2022-29491

Security Advisory Description When a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. CVE-2022-29491 Impact Traffic is disrupted while the TMM process restarts. This vulnerabili...

CVSS 7.5 • AI score 7.5 • EPSS 0.0085 • Exploits 0 • Affected Software 4

F5 Networks • added 2023/02/21 6:46 p.m. • 55 views

K18193959: Spring Framework vulnerability CVE-2018-1258

Security Advisory Description Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CVE-2018-1258 Impact Traffix SD...

CVSS 8.8 • AI score 7.6 • EPSS 0.02427 • Exploits 0

F5 Networks • added 2023/02/21 6:34 p.m. • 55 views

K02566623: Overview of F5 vulnerabilities (March 2021)

Security Advisory Description On March 10th, 2021, F5 announced twenty-one (21) CVEs, including four Critical vulnerabilities. This document is intended to serve as an overview of these vulnerabilities to help determine the impact on your F5 devices. The details of each issue can be found in the...

CVSS 10 • AI score 9.7 • EPSS 0.99898 • Exploits 22

F5 Networks • added 2023/02/21 6:33 p.m. • 55 views

K03202240: FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898

Security Advisory Description CVE-2016-1897 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a...

CVSS 5.5 • AI score 5.7 • EPSS 0.14621 • Exploits 3

F5 Networks • added 2023/02/21 6:31 p.m. • 55 views

K12853: OpenSSL vulnerability CVE-2008-7270

Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: F5 has not evaluated specific versions that are not listed in this article fo...

CVSS 4.3 • AI score 7.3 • EPSS 0.03426 • Exploits 0

F5 Networks • added 2023/02/21 6:19 p.m. • 55 views

K17236: Apache HTTP server vulnerability CVE-2015-3185

Security Advisory Description The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass...

CVSS 4.3 • AI score 6.4 • EPSS 0.18795 • Exploits 0

F5 Networks • added 2023/02/21 6:19 p.m. • 55 views

K16826: PHP vulnerability CVE-2015-4024

Security Advisory Description Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an...

CVSS 5 • AI score 8.6 • EPSS 0.50129 • Exploits 1 • Affected Software 18

F5 Networks • added 2023/02/21 6:12 p.m. • 55 views

K17132: Linux kernel vulnerability CVE-2014-8133

Security Advisory Description arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a craft...

CVSS 2.1 • AI score 5.8 • EPSS 0.00583 • Exploits 0 • Affected Software 9

F5 Networks • added 2023/02/21 6:07 p.m. • 55 views

K27673650: Linux kernel vulnerability CVE-2018-17972

Security Advisory Description An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel...

CVSS 5.5 • AI score 6.6 • EPSS 0.0035 • Exploits 0

F5 Networks • added 2016/11/21 12:00 a.m. • 55 views

SOL24311131 - MySQL vulnerability CVE-2016-3492

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 6.8 • AI score 2.7 • EPSS 0.06553 • Exploits 0 • References 4

F5 Networks • added 2016/10/21 12:00 a.m. • 55 views

SOL22232964 - Expat XML library vulnerability CVE-2016-4472

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 8.1 • AI score 2.1 • EPSS 0.19069 • Exploits 0 • References 4

F5 Networks • added 2016/10/10 12:00 a.m. • 55 views

SOL42219132 - OpenSSL vulnerability CVE-2016-6309

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 10 • AI score 2.7 • EPSS 0.69738 • Exploits 0 • References 4

F5 Networks • added 2016/07/13 12:00 a.m. • 55 views

SOL55181425 - Wget vulnerability CVE-2016-4971

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 8.8 • AI score 1.7 • EPSS 0.45935 • Exploits 8 • References 6

F5 Networks • added 2016/05/25 12:00 a.m. • 55 views

SOL68942513 - Java vulnerability CVE-2013-5780

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 4.3 • AI score 1.9 • EPSS 0.03433 • Exploits 0 • References 7

F5 Networks • added 2016/02/16 12:00 a.m. • 55 views

SOL47098834 - glibc vulnerability CVE-2015-7547

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 8.1 • AI score 2.9 • EPSS 0.89557 • Exploits 17 • References 7

F5 Networks • added 2015/12/15 12:00 a.m. • 55 views

SOL59010802 - Multiple MySQL vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.2 • AI score 2.1 • EPSS 0.30146 • Exploits 6 • References 4

F5 Networks • added 2015/12/07 12:00 a.m. • 55 views

SOL20219314 - OpenSSL vulnerability CVE-2015-1794

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 5 • AI score 2.7 • EPSS 0.06162 • Exploits 0 • References 4

F5 Networks • added 2015/11/20 12:00 a.m. • 55 views

SOL93203055 - Java vulnerability CVE-2015-4872

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5 • AI score 1.1 • EPSS 0.03703 • Exploits 0 • References 5

F5 Networks • added 2015/09/25 12:00 a.m. • 55 views

SOL17326 - Linux kernel vulnerability CVE-2015-5157

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

CVSS 7.2 • AI score 2.2 • EPSS 0.00624 • Exploits 0 • References 7

F5 Networks • added 2015/09/03 12:00 a.m. • 55 views

SOL17227 - BIND vulnerability CVE-2015-5986

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.1 • AI score 1.8 • EPSS 0.26071 • Exploits 0 • References 5

F5 Networks • added 2015/07/10 12:00 a.m. • 55 views

SOL16950 - SQLite vulnerability CVE-2015-3416

Although the software of the affected F5 products contain the vulnerable code, the affected F5 products do not use the vulnerable code in a way which exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit...

CVSS 7.5 • AI score 0.3 • EPSS 0.05531 • Exploits 0 • References 4

F5 Networks • added 2015/04/02 12:00 a.m. • 55 views

SOL16352 - Multiple OpenJDK vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

CVSS 10 • AI score 3.2 • EPSS 0.67234 • Exploits 5 • References 3

F5 Networks • added 2015/01/14 12:00 a.m. • 55 views

SOL15984 - Linux kernel vulnerability CVE-2013-7265

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 4.9 • AI score 0.4 • EPSS 0.00461 • Exploits 0 • References 4

F5 Networks • added 2014/10/27 12:00 a.m. • 55 views

SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 5.8 • AI score 2.1 • EPSS 0.09254 • Exploits 0 • References 4

F5 Networks • added 2014/10/23 12:00 a.m. • 55 views

SOL15737 - Apache vulnerability CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 • AI score 3.7 • EPSS 0.09149 • Exploits 1 • References 3

F5 Networks • added 2014/10/09 12:00 a.m. • 55 views

SOL15683 - Ruby vulnerability CVE-2013-4073

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 6.8 • AI score 2.7 • EPSS 0.05741 • Exploits 4 • References 4

F5 Networks • added 2014/08/28 12:00 a.m. • 55 views

SOL15236 - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

CVSS 9.3 • AI score 6.2 • EPSS 0.0792 • Exploits 5 • References 7

F5 Networks • added 2014/06/16 12:00 a.m. • 55 views

SOL15343 - OpenSSL vulnerability CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. CVE-2014-0221...

CVSS 4.3 • AI score 6.5 • EPSS 0.87892 • Exploits 0 • References 6

F5 Networks • added 2009/10/27 12:00 a.m. • 55 views

SOL3631 - Stack-based buffer overflow in Apache - CAN-2004-0488

Vulnerability description and product information: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code by way of a client certificate with a long...

CVSS 7.5 • AI score 1.7 • EPSS 0.37681 • Exploits 0

F5 Networks • added 2007/05/16 12:00 a.m. • 55 views

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

This security advisory describes an OpenSSL signature vulnerability. Forged RSA signatures may be accepted during client certificate validations when the certificates are signed by certain Certificate Authority (CA). This flaw could potentially cause F5 products to accept maliciously crafted client...

CVSS 4.3 • AI score 7.2 • EPSS 0.04894 • Exploits 1

F5 Networks • added 2024/09/06 12:46 a.m. • 54 views

K000140963: libarchive vulnerability CVE-2021-31566

Security Advisory Description An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when...

CVSS 7.8 • AI score 7.1 • EPSS 0.00366 • Exploits 0 • Affected Software 14

F5 Networks • added 2024/05/17 4:31 p.m. • 54 views

K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008

Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...

CVSS 4.4 • AI score 4.4 • EPSS 0.00891 • Exploits 0

F5 Networks • added 2024/02/14 1:35 p.m. • 54 views

K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

CVSS 7.5 • AI score 7.8 • EPSS 0.00914 • Exploits 0 • Affected Software 2

F5 Networks • added 2023/11/14 11:42 p.m. • 54 views

K000137584: Linux kernel vulnerability CVE-2023-1829

Security Advisory Description A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the...

CVSS 7.8 • AI score 7.1 • EPSS 0.01029 • Exploits 1 • Affected Software 1

F5 Networks • added 2023/02/21 8:02 p.m. • 54 views

K30714460: OpenSSL vulnerability CVE-2015-3193

Security Advisory Description The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to...

CVSS 7.5 • AI score 7.3 • EPSS 0.25137 • Exploits 1

F5 Networks • added 2023/02/21 8:02 p.m. • 54 views

K41204355: PHP vulnerability CVE-2016-5114

Security Advisory Description sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read...

CVSS 9.1 • AI score 8.6 • EPSS 0.04489 • Exploits 1

F5 Networks • added 2023/02/21 8:00 p.m. • 54 views

K10429441: Linux kernel vulnerability CVE-2020-14331

Security Advisory Description A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to t...

CVSS 7.2 • AI score 6.6 • EPSS 0.00563 • Exploits 1

F5 Networks • added 2023/02/21 8:00 p.m. • 54 views

K64348180: MySQL vulnerabilities CVE-2022-21517, CVE-2022-21519, CVE-2022-21522, CVE-2022-21525, and CVE-2022-21526

Security Advisory Description CVE-2022-21517 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 5.9 • AI score 5 • EPSS 0.01411 • Exploits 0

F5 Networks • added 2023/02/21 8:00 p.m. • 54 views

K03444640: MySQL vulnerabilities CVE-2019-2740, CVE-2019-2741, CVE-2019-2743, CVE-2019-2746, and CVE-2019-2747

Security Advisory Description CVE-2019-2740 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with...

CVSS 6.5 • AI score 5.4 • EPSS 0.03972 • Exploits 0

F5 Networks • added 2023/02/21 7:56 p.m. • 54 views

K41582535: Linux kernel vulnerability CVE-2017-18509

Security Advisory Description An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under...

CVSS 7.8 • AI score 6.9 • EPSS 0.00839 • Exploits 1

F5 Networks • added 2023/02/21 7:55 p.m. • 54 views

K55545288: Linux kernel vulnerability CVE-2019-19046

Security Advisory Description DISPUTED A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third...

CVSS 6.8 • AI score 6.6 • EPSS 0.02745 • Exploits 0

F5 Networks • added 2023/02/21 7:54 p.m. • 54 views

K15079139: Linux kernel vulnerability CVE-2019-18660

Security Advisory Description The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. CVE-2019-18660...

CVSS 4.7 • AI score 6.7 • EPSS 0.00736 • Exploits 0

F5 Networks • added 2023/02/21 7:42 p.m. • 54 views

K15404: OpenSSL vulnerability CVE-2009-3245

Security Advisory Description OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. CVE-2009-3245...

CVSS 10 • AI score 7.1 • EPSS 0.06732 • Exploits 1 • Affected Software 10

Total number of security vulnerabilities: 5000