6402 matches found
K82034427: BIG-IP FTP profile vulnerability CVE-2022-26130
Security Advisory Description When an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. CVE-2022-26130 Impact Traffic is disrupted for active FTP data channel connections. Thi...
K62506335: libgxps vulnerability CVE-2018-10733
Security Advisory Description There is a heap-based buffer over-read in the function ftfontfacehash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. CVE-2018-10733 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K75555129: Netty vulnerabilities CVE-2019-16869 and CVE-2020-7238
Security Advisory Description CVE-2019-16869 Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling. CVE-2020-7238 Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles...
K36302720: Apache Tomcat vulnerability CVE-2016-6797
Security Advisory Description The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web...
K17518: NTP vulnerability CVE-2015-7871
Security Advisory Description Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. CVE-2015-7871 Impact An unauthenticated remote attacker may force ntpd processes on targeted servers to peer with time sources of the...
K07944249: Node.js vulnerability CVE-2020-8277
Security Advisory Description A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is...
K04185528: LibTIFF vulnerabilities CVE-2016-3186 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-17100 CVE-2018-17101 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905
Security Advisory Description CVE-2016-3186 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service application crash via a crafted GIF file. CVE-2018-10779 TIFFWriteScanline in tifwrite.c in LibTIFF 3.8.2 has a heap-based...
K73464925: Multiple Java vulnerabilities CVE-2021-35588, CVE-2021-35603, CVE-2021-35565, CVE-2021-35578
Security Advisory Description CVE-2021-35588 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit...
K02186513: Linux kernel vulnerability CVE-2020-1749
Security Advisory Description A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link;...
K28418435: Java vulnerability CVE-2017-10053
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...
K04897373: BIG-IP TMM vulnerability CVE-2019-6678
Security Advisory Description When the tm.minipfragsize BigDB variable is modified from the default value to a value less than 60 and the packet filter feature is enabled, specifically crafted fragmented TCP packets may cause the Traffic Management Microkernel TMM to fail and restart. CVE-2019-66...
K19855851: Intel SPI Flash vulnerability CVE-2017-5703
Security Advisory Description Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. CVE-2017-5703 Impact BIG-IP A local attacker can alter the behavior of the SPI Flash...
K51813353: Linux Kernel vulnerability CVE-2019-9506
Security Advisory Description The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traff...
K05911127: Java vulnerability CVE-2017-10176
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...
K06044762: systemd vulnerabilities CVE-2018-16864 and CVE-2018-16865
Security Advisory Description CVE-2018-16864 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash...
K11010341: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary...
K15635: PHP 5.x vulnerability - CVE-2012-1171
Security Advisory Description The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper. CVE-2012-1171 Impact None. No F5 products a...
K72430453: PostgreSQL vulnerability CVE-2020-25696
Security Advisory Description A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute...
K59722044: PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
Security Advisory Description CVE-2016-1903 The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service out-of-bounds read and...
K53244431: SSL Intercept iApp HTTP Explicit Proxy vulnerability CVE-2017-0305
SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus...
K05200155: Multiple Java vulnerabilities
Security Advisory Description CVE-2015-4734 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. CVE-2015-4805 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60,...
SOL40521234 - Multiple Oracle Java SE vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL54225343 - libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL04972684 - PHP vulnerability CVE-2016-3185
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL03151140 - ImageMagick vulnerability CVE-2016-3714
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL23230229 - OpenSSL vulnerability CVE-2016-2109
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL79215841 - OpenSSL vulnerability CVE-2016-0702
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17524 - NTP vulnerability CVE-2015-7854
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not lis...
SOL17309 - Linux kernel vulnerability CVE-2015-5366
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16826 - PHP vulnerability CVE-2015-4024
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16764 - PHP vulnerability CVE-2015-4022
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16302 - OpenSSL vulnerability CVE-2015-0292
Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact v...
SOL16009 - OpenSSH vulnerability CVE-2014-9278
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15792 - Path MTU discovery vulnerability CVE-2004-1060
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15784 - Kerberos vulnerability CVE-2013-1418
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists...
SOL15641 - Outdated or incorrect version vulnerability CVE-1999-0662
Recommended action To mitigate this vulnerability, you can subscribe to email notifications to keep up with the latest hotfixes and updates for your product. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new...
SOL15316 - PHP vulnerability CVE-2013-4635
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL10143 - Cross-Site Scripting Vulnerabilities in the FirePass logon
Cross-site scripting XSS vulnerabilities exist in the FirePass logon page, which is accessible prior to authentication. The affected FirePass page fails to fully sanitize HTTP request input before the web page content is sent to the browser. By altering the HTTP request input in the cookie, a...
SOL9107 - OpenSSH vulnerability CVE-2008-1483
Information about this advisory is available at the following locations: Note: The following links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...
SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000
F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting XSS vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks...
SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599
These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that use libpng to execute arbitrary code. Since an attacker would require root access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to ...
SOL2888 - DNS cache poisoning vulnerability CVE-2003-0914
Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...
K000139611: NGINX HTTP/3 QUIC vulnerability CVE-2024-31079
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection...
K000138850: OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952, and CVE-2024-20955
Security Advisory Description CVE-2024-20918 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
K000138679: Golang vulnerabilities CVE-2023-24540, CVE-2023-29400, and CVE-2023-29403
Security Advisory Description CVE-2023-24540 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly...
K42219132: OpenSSL vulnerability CVE-2016-6309
Security Advisory Description statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session. CVE-2016-6309 Impact There is no...
K35205264: Linux kernel vulnerability CVE-2018-10938
Security Advisory Description A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-servic...
K01225001: Apache Tomcat vulnerability CVE-2017-5664
Security Advisory Description The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to...
K01837042: Multiple Wireshark (tshark) vulnerabilities
Security Advisory Description CVE-2015-8711 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash v...
K15745: Multiple Oracle Java vulnerabilities
Security Advisory Description CVE-2014-6513 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2014-6532 Unspecified vulnerability in Oracle Jav...