6413 matches found
SOL15648 - PHP vulnerability CVE-2014-2020
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15557 - OpenSSH vulnerability CVE-2011-4327
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15480 - PHP vulnerability CVE-2012-2688
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15388 - OpenSSL vulnerability CVE-2011-4108
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP 11.x To...
SOL15152 - Ruby vulnerability CVE-2013-4164
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14261 - OpenSSL OCSP vulnerability CVE-2013-0166
Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information Common Vulnerabilities and Exposures CVE-2013-0166 Note: The previous link takes you to a resource outside of...
SOL12794 - GNU C Library vulnerability CVE-2010-4052
Vulnerability description and product information. Stack consumption vulnerability in the regcomp implementation in the GNU C Library glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service. Information about this advisory is...
SOL9990 - icclib vulnerabilities CVE-2009-0583 and CVE-2009-0584
Description Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library icclib. Using specially-crafted ICC profiles, an attacker could create a...
SOL9762 - OpenSSL vulnerability - CVE-2008-5077
OpenSSL 0.9.8i and earlier versions do not properly check the return value from the EVPVerifyFinal function. Information about this advisory is available at the following locations: Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed...
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
A cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML through a crafted string that is used in the message argument to the HttpServletResponse.sendError method...
SOL8171 - Linux kernel IA32 System Call vulnerability - CVE-2007-4573
Vulnerability description This security advisory describes a vulnerability in the Linux kernel which may allow local users to gain elevated privileges using the IA32 system call emulation functionality on 64-bit platforms. Information about this advisory is available at the following location:...
SOL7005 - Overview of MNIN/NNL-Labs Advisory
Future release Obtaining and installing hotfixes F5 recommends you apply the following hotfixes for your specific FirePass version to address the issues presented in these security advisories: Product | Version | Hotfix ---|---|--- FirePass | 6.0.0 | HF-600-8 or later cumulative hotfix FirePass |...
K000148465: Spring framework vulnerability CVE-2024-38816
Security Advisory Description Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process i...
K000148287: Apache Tomcat vulnerability CVE-2019-0232
Security Advisory Description When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The...
K000139228: Envoy vulnerability CVE-2024-27919
Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This...
K000139227: amphp/http vulnerability CVE-2024-2653
Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set ENDHEADERS flag, resulting in an OOM crash. CVE-2024-2653 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...
K000138649: GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553
Security Advisory Description CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2024-0553 A vulnerability was found in GnuTLS. The response times to...
K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...
K000138577: Python-asyncssh vulnerability CVE-2023-46446
Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...
K000138452: Intel CPU BIOS vulnerabilities CVE-2023-25756 and CVE-2023-22329
Security Advisory Description CVE-2023-25756 Out-of-bounds read in the BIOS firmware for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. CVE-2023-22329 Improper input validation in the BIOS firmware for some IntelR Processo...
K000133092: cURL vulnerability CVE-2022-43552
Security Advisory Description A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET,...
K96300145: C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118
Security Advisory Description CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner." CVE-2019-13117 In numbers.c in libxslt...
K23512141: OpenSSL vulnerability CVE-2016-2179
Security Advisory Description The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS...
K35322517: BIND vulnerability CVE-2016-8864
Security Advisory Description named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a DNAME record in the answer section of a response to a recursive query, related to...
K04280042: BIG-IP ASM vulnerability CVE-2019-6650
Security Advisory Description F5 BIG-IP ASM may expose sensitive information and allow the system configuration to be modified when using non-default settings. CVE-2019-6650 Impact The vulnerability is only present on multi-bladed systems VIPRION with BIG-IP ASM provisioned, on the following...
K42842401: MySQL vulnerabilities CVE-2018-3145, CVE-2018-3155, CVE-2018-3156, CVE-2018-3161, and CVE-2018-3162
Security Advisory Description CVE-2018-3145 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...
K65043534: Multiple INTEL BIOS vulnerabilities
Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...
K16764: PHP vulnerability CVE-2015-4022
Security Advisory Description Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. CVE-2015-40...
K17125: Multiple Java vulnerabilities
Security Advisory Description CVE-2015-0458 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0459 Unspecified vulnerability in Oracle Java SE 5.0u8...
K56851402: Linux kernel vulnerability CVE-2019-17666
Security Advisory Description rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. CVE-2019-17666 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K00947806: Linux kernel vulnerability CVE-2019-3846
Security Advisory Description A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. CVE-2019-3846 Impact There is no impact; F5 products are not affected by this vulnerability...
K52868493: libssh vulnerability CVE-2018-10933
Security Advisory Description A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 Impact There is no impact. F5 products...
K14236: OpenSSL vulnerability CVE-2012-2686
Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...
K16833: Linux vulnerability CVE-2014-7826
Security Advisory Description kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted...
K01324833: NTP vulnerability CVE-2015-8158
Security Advisory Description The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service infinite loop via crafted packets with incorrect values. CVE-2015-8158 Impact When this vulnerability is exploited, an attacke...
K25200948: Linux kernel vulnerability CVE-2021-33034
Security Advisory Description In the Linux kernel before 5.12.4, net/bluetooth/hcievent.c has a use-after-free when destroying an hcichan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. CVE-2021-33034 Impact There is no impact; F5 products are not affected by this vulnerability...
K55405388: NTP vulnerability CVE-2016-9311
Security Advisory Description ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted packet. CVE-2016-9311 Impact A remote attacker may be able to send a specially crafted packet to cause ...
K39573942: DHCP vulnerability CVE-2019-6470
Security Advisory Description There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this...
K41412302: Jetty vulnerability CVE-2019-10247
Security Advisory Description In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not...
K71249196: Python-Pillow vulnerability CVE-2021-25288
Security Advisory Description An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi. CVE-2021-25288 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K97521840: logback vulnerability CVE-2021-42550
Security Advisory Description In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CVE-2021-42550 Impact There is no impact; F5 products...
K83181523: PHP vulnerability CVE-2018-10546
Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. CVE-2018-10546 Impact There is no...
K54039800: MatrixSSL vulnerability CVE-2016-6883
Security Advisory Description MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. CVE-2016-6883 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
K95375529: PHP vulnerabilities CVE-2013-7456, CVE-2016-4343, and CVE-2016-5093
Security Advisory Description CVE-2013-7456 gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impa...
K63525058: cURL vulnerability CVE-2020-8284
Security Advisory Description A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doin...
K64119434: GNU C Library vulnerability CVE-2009-5155
Security Advisory Description In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression...
K63314101: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2022-21451 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...
K44945790: glibc vulnerability CVE-2021-3326
Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. CVE-2021-3326...
K72255110: MySQL vulnerability CVE-2016-6662
Security Advisory Description Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to creat...
K54225343: libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
Security Advisory Description CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document...