6401 matches found
K000140711: Python urllib3 vulnerability CVE-2024-37891
Security Advisory Description urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy suppor...
K000137584: Linux kernel vulnerability CVE-2023-1829
Security Advisory Description A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function which does not properly deactivate filters in case of a perfect hashes while deleting the...
K41204355: PHP vulnerability CVE-2016-5114
Security Advisory Description sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read...
K82570157: NTP vulnerability CVE-2018-7170
Security Advisory Description ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This...
K57110035: BIG-IP APM Edge Client for Windows logging vulnerability CVE-2022-27636
Security Advisory Description BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. CVE-2022-27636 Impact An attacker with privileges on the Windows system can view the logged sensitive APM session-related information. Security Advisory...
K02825271: Linux kernel vulnerability CVE-2017-13166
Security Advisory Description An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. CVE-2017-13166 Impact This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace...
K14338030: libxml2 vulnerability CVE-2016-1762
Security Advisory Description The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document. CVE-2016-1762 Impact Allows an attacker unauthorized disclosure of information, unauthorized modification, an...
K25423748: QEMU vulnerability CVE-2019-14378
Security Advisory Description ipreass in ipinput.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-14378 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...
K28273449: Linux kernel vulnerability CVE-2018-6555
Security Advisory Description The irdasetsockopt function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service iasobject use-after-free and system crash or possibly have unspecified other impact via an...
K03444640: MySQL vulnerabilities CVE-2019-2740, CVE-2019-2741, CVE-2019-2743, CVE-2019-2746, and CVE-2019-2747
Security Advisory Description CVE-2019-2740 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with...
K11830089: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617
Security Advisory Description When the F5 BIG-IP Advanced WAF or BIG-IP ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. CVE-2022-41617 Impact On systems deployed in Standard or Appliance mode, this vulnerability may all...
K58928452: Kernel vulnerability CVE-2017-1000410
Security Advisory Description The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker i...
K32412503: Trusted Platform Module vulnerabilities CVE-2019-11090 and CVE-2019-16863
Security Advisory Description CVE-2019-11090 Cryptographic timing conditions in the subsystem for IntelR PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; IntelR TXE 3.1.70 and 4.0.20; IntelR SPS before versions SPSE504.01.04.305.0, SPSSoC-X04.00.04.108.0,...
K31209433: Linux kernel vulnerabilities CVE-2017-6345, CVE-2017-6347, and CVE-2017-6348
Security Advisory Description CVE-2017-6345 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service BUGON or possibly have unspecified other impact via crafted system...
K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735
Security Advisory Description An authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner, leading to a privilege escalation. CVE-2022-35735 Impact This vulnerability may allow an...
K15079139: Linux kernel vulnerability CVE-2019-18660
Security Advisory Description The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry64.S and arch/powerpc/kernel/security.c. CVE-2019-18660...
K73071205: PHP vulnerability CVE-2016-5385
Security Advisory Description PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
K15404: OpenSSL vulnerability CVE-2009-3245
Security Advisory Description OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors. CVE-2009-3245...
K35358312: TCP vulnerability CVE-2015-8099
Security Advisory Description Under limited conditions, an invalid TCP segment can lead to a Denial of Service for the High-Speed Bridge HSB on the following platforms: 3900, 6900, 8900, 8950, 11000, 11050, PB100 or PB200. This issue is only exposed on virtual servers while Software SYN cookies a...
K91024405: Java SE vulnerability CVE-2017-10115
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...
K17326: Linux kernel vulnerability CVE-2015-5157
Security Advisory Description arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. CVE-2015-5157 Impact A locally...
K15935: NTP vulnerability CVE-2014-9294
Security Advisory Description util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2014-9294 Impact Theoretically, a remote attacker can determine a weak...
K16950: SQLite vulnerability CVE-2015-3416
Security Advisory Description The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overfl...
K69734255: INTEL-SA-00251 - Intel NUC Firmware vulnerability CVE-2019-11094
Security Advisory Description Insufficient input validation in system firmware for Intel R NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. CVE-2019-11094 Impact There is no impact; F5 product...
K52004282: Linux kernel vulnerability CVE-2021-32606
Security Advisory Description In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not affect earlier versions that lack CAN ISOTP SFBROADCAST support. CVE-2021-32606 Impact There is no impact; F5...
K92665308: Apache Tomcat vulnerabilities CVE-2017-7674 and CVE-2017-7675
Security Advisory Description CVE-2017-7674 The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache...
K42910051: OpenSSL vulnerability CVE-2020-1971
Security Advisory Description The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not...
K31616043: Linux kernel vulnerability CVE-2021-28660
Security Advisory Description rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctllinux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -ssid array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/ unfinished work;...
K52401347: Linux kernel vulnerability CVE-2021-28972
Security Advisory Description In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly...
K13815051: Apache vulnerability CVE-2021-30641
Security Advisory Description Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' CVE-2021-30641 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...
K96223611: BIND vulnerability CVE-2021-25215
Security Advisory Description In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named...
K98155950: Linux kernel vulnerability CVE-2018-19824
Security Advisory Description In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c. CVE-2018-19824 Impact There is no impact; F5...
K17321: Linux kernel UDF vulnerability CVE-2015-4167
Security Advisory Description The udfreadinode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service incorrect data representation or integer overflow, and OOPS via a crafted UDF filesystem...
K22012502: Linux kernel vulnerability CVE-2017-7273
Security Advisory Description The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service integer underflow or possibly have unspecified other impact via a crafted HID report. CVE-2017-7273 Impact...
K01369521: bind vulnerability CVE-2022-0667
Security Advisory Description When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 CVE-2022-0667 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...
K03451253: Java vulnerabilities CVE-2018-3150, CVE-2018-3157, and CVE-2018-13785
Security Advisory Description CVE-2018-3150 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Utility. The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K91040959: Polkit vulnerabilities CVE-2018-1116 and CVE-2018-19788
Security Advisory Description CVE-2018-1116 A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users...
K10396196: Linux RPM vulnerability CVE-2021-20271
Security Advisory Description A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute...
K37256400: Linux kernel vulnerability CVE-2021-4028
Security Advisory Description A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local...
K38472857: Kernel vulnerability CVE-2016-8655
Security Advisory Description Race condition in net/packet/afpacket.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service use-after-free by leveraging the CAPNETRAW capability to change a socket version, related to the packetsetring and...
K32805465: Linux kernel Vulnerability CVE-2021-3483
Security Advisory Description A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality,...
K51390683: PHP vulnerabilities CVE-2016-5094 and CVE-2016-5095
Security Advisory Description CVE-2016-5094 Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from...
K03521623: Linux kernel vulnerability CVE-2017-7541
Security Advisory Description The brcmfcfg80211mgmttx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service buffer overflow and system crash or possibly gain privileges via a crafted NL80211CMDFRAM...
K49905324: BIG-IP TMUI CSRF vulnerability CVE-2022-1389
Security Advisory Description A cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. CVE-2022-1389 Impact An attacker may...
K76314525: Samba vulnerabilities CVE-2015-5252 and CVE-2015-5299
Security Advisory Description CVE-2015-5252 vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points...
K73644551: Apache Tomcat vulnerability CVE-2016-6325
Security Advisory Description The Tomcat package on Red Hat Enterprise Linux RHEL 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for 1 /etc/sysconfig/tomcat and 2 /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat...
K43378049: Linux kernel vulnerability CVE-2019-19074
Security Advisory Description A memory leak in the ath9kwmicmd function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption, aka CID-728c1e2a05e4. CVE-2019-19074 Impact There is no impact; F5 products are not...
K50148721: MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286
Security Advisory Description CVE-2018-3282 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Storage Engines. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allow...
K93419216: Multiple MySQL vulnerabilities CVE-2022-21534, CVE-2022-21535, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539
Security Advisory Description CVE-2022-21534 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K12853: OpenSSL vulnerability CVE-2008-7270
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : F5 has not evaluated specific versions that are not listed in this article fo...