6413 matches found
SOL6634 - pam_ldap vulnerability - CVE-2005-2641
This security advisory describes a pamldap vulnerability. Clients who are referred to a different server than the server on which they were originally authenticated, with a different TLS encryption requirement, could possibly bypass the new server's TLS requirements. Information about this adviso...
K000161577: Linux kernel vulnerability CVE-2025-39817
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190...
K000148250: PostgreSQL vulnerabilities CVE-2016-0766, CVE-2015-3167, CVE-2015-0243, CVE-2015-0242, and CVE-2015-0241
Security Advisory Description CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via...
K000140693: Apache HTTP server vulnerability CVE-2024-39573
Security Advisory Description Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-39573...
K000140602: BIND vulnerability CVE-2024-4076
Security Advisory Description Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1...
K000139793: MacOS vulnerability CVE-2023-41993
Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
K000139430: Linux kernel vulnerability CVE-2024-1086
Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can...
K000138628: python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752
Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
K000132941: OpenSSL vulnerability CVE-2023-0286
Security Advisory Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as...
K000132686: TLS Triple Handshake Attack vulnerability
Security Advisory Description The original TLS protocol includes a weakness in master secret negotiation, potentially allowing the Triple Handshake Attack that is mitigated by the Extended Master Secret EMS extension defined in RFC 7627. Impact This vulnerability may allow an unauthenticated...
K69334442: Intel Processors RRSBA advisory CVE-2022-28693
Security Advisory Description Unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-28693 Impact There is no impact; F5 products are not affected by this...
K02500249: Linux kernel vulnerability CVE-2013-1059
Security Advisory Description net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...
K49116387: BIND vulnerabilities CVE-2017-3140 and CVE-2017-3141
Security Advisory Description CVE-2017-3140 If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1. An error...
K76444020: OpenJDK vulnerabilities CVE-2019-2933 and CVE-2019-2958
Security Advisory Description CVE-2019-2933 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows...
K11435435: PHP vulnerability CVE-2020-7070
Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thu...
K15883: Net-SNMP vulnerability CVE-2012-2141
Security Advisory Description Array index error in the handlensExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service out-of-bounds read and snmpd crash via an SNMP GET request for an entry not in the extension...
K15725: Multiple 5.5.x and 5.6.x MySQL vulnerabilities
Security Advisory Description CVE-2014-6507 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. CVE-2014-6491 Unspecified...
K93683207: Apache vulnerability CVE-2018-1333
Security Advisory Description By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.18-2.4.30,2.4.33. CVE-2018-1333 Impact There is no impact; F5...
K15189: Apache Commons FileUpload vulnerability CVE-2014-0050
Security Advisory Description MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's...
K23630542: MySQL vulnerabilities CVE-2017-3636, CVE-2018-3081, CVE-2018-3174, CVE-2021-2144, and CVE-2020-2812
Security Advisory Description CVE-2017-3636 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to...
K21121402: PHP vulnerability CVE-2020-7062
Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would...
K52325031: Linux kernel vulnerabilities CVE-2019-16231 and CVE-2019-16233
Security Advisory Description CVE-2019-16231 drivers/net/fjes/fjesmain.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference. CVE-2019-16233 drivers/scsi/qla2xxx/qlaos.c in the Linux kernel 5.2.14 does not check the allocworkqueue retur...
K64721111: vCMP vulnerability CVE-2018-5531
Security Advisory Description Through undisclosed methods, adjacent network attackers can cause a denial of service for vCMP guest and host systems. Attacks must be sourced from an adjacent network Layer 2. CVE-2018-5531 Impact BIG-IP An attacker from an adjacent network may be able to cause a...
K13597: OpenSSL vulnerability CVE-2012-1165
Security Advisory Description The mimeparamcmp function in crypto/asn1/asnmime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service NULL pointer dereference and application crash using a crafted S/MIME message; a different vulnerability than...
K14433: PHP SOAP vulnerability CVE-2013-1643
Security Advisory Description PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object...
K14909: OpenSSL vulnerability CVE-2013-4248
Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
K15432: Apache Tomcat vulnerability CVE-2014-0099
Security Advisory Description Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Lengt...
K62012529: BIND vulnerability CVE-2016-1286
Security Advisory Description named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 Impact An attacke...
K15900: Apache HTTP server vulnerability CVE-2012-3499
Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modlda...
K16442: MIT Kerberos 5 vulnerability CVE-2014-9422
Security Advisory Description The checkrpcsecauth function in kadmin/server/kadmrpcsvc.c in kadmind in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/ authorization check and obtain administrative access...
K01128223: PHP vulnerability CVE-2020-7061
Security Advisory Description In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or...
K40317110: MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
Security Advisory Description CVE-2017-10320 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K85307687: cURL and libcurl vulnerabilities CVE-2014-3613, CVE-2014-3707, and CVE-2014-8150
Security Advisory Description CVE-2014-3613 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site...
K15101402: iControl REST vulnerability CVE-2022-1468
Security Advisory Description An authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. CVE-2022-1468 Impact Processing delays to iControl REST requests can occur until the iControl REST daemon is either...
K05940857: Apache Tomcat vulnerabilities CVE-2017-5650 and CVE-2017-5651
Security Advisory Description CVE-2017-5650 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to...
K41523201: cURL vulnerability CVE-2019-5482
Security Advisory Description Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. CVE-2019-5482 Impact An attacker could cause a denial of service DoS or arbitrary code execution if you use cURL to transfer data to or from a Trivial File Transport Protocol TFTP server and...
K02354867: Kernel vulnerability CVE-2020-10711
Security Advisory Description A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option CIPSO protocol's category bitmap into the SELinux extensible bitmap via the'...
K12132951: Linux kernel vulnerability CVE-2022-0812
Security Advisory Description An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. CVE-2022-0812 Impact There is no impact; F5 products are not affected by...
K35263486: libarchive vulnerability CVE-2016-8688
Security Advisory Description The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
K60350722: Java SE Embedded vulnerability CVE-2018-2814
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker...
K54747614: Java SE and JRockit vulnerability CVE-2017-10243
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...
K77384526: tcpdump vulnerabilities CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, and CVE-2016-7927
Security Advisory Description CVE-2016-7922 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ahprint. CVE-2016-7923 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arpprint. CVE-2016-7924 The ATM parser in tcpdump before 4.9.0 has a buffer...
K04311751: Tcpdump vulnerability CVE-2018-19519
Security Advisory Description In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
Security Advisory Description CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323 An issue was...
K19240391: Apache Tomcat vulnerability CVE-2020-11996
Security Advisory Description A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections,...
K43223005: PHP vulnerability CVE-2018-5711
Security Advisory Description gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the...
K04107324: Linux kernel vulnerability CVE-2019-3900
Security Advisory Description An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote on...
K70023694: Linux kernel vulnerability CVE-2021-4154
Security Advisory Description A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container...
K84940705: cURL and libcurl vulnerability CVE-2016-8623
Security Advisory Description A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. CVE-2016-8623 Impact A use-after-free can occur with shared cookies, allowing a user or process...