6294 matches found
SOL86326526 - MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17189 - Apache HTTP server vulnerability CVE-2008-0456
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL17057 - QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17025 - BIND DNSSEC vulnerability CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records. CVE-2010-0097...
SOL16920 - OpenSSL vulnerability CVE-2014-8176
The failover.secure system database variable is only available in BIG-IP 11.5.0 and later, and is disabled by default. However, Common Criteria mode enables the failover.secure database variable. The BIG-IP Edge Client system will be vulnerable only when connected to a malicious server...
SOL16478 - Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16196 - MCPQ vulnerability CVE-2014-6031
MCPQ has been found to suffer from a remote buffer overflow vulnerability. The vulnerability is available to authenticated administrative users only. CVE-2014-6031...
SOL15787 - BIND vulnerability CVE-2010-0382
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custo...
SOL15745 - Multiple Oracle Java vulnerabilities
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15723 - OpenSSL vulnerability CVE-2014-3567
Recommended action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...
SOL15557 - OpenSSH vulnerability CVE-2011-4327
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15417 - OpenSSL vulnerability CVE-2012-0050
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL14261 - OpenSSL OCSP vulnerability CVE-2013-0166
Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information Common Vulnerabilities and Exposures CVE-2013-0166 Note: The previous link takes you to a resource outside of...
SOL12567 - BIND vulnerability CVE-2010-3614
F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. This security advisory describes a BIND vulnerability. For information about...
SOL9990 - icclib vulnerabilities CVE-2009-0583 and CVE-2009-0584
Description Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library icclib. Using specially-crafted ICC profiles, an attacker could create a...
SOL9025 - FirePass SNMP DoS vulnerability
This SNMP vulnerability can at most cause DoS of the FirePass SNMP service and cannot cause either unprivileged access to the FirePass controller or DoS of other FirePass services. Information about this advisory is available at the following location: F5 Product Development tracked this issue a...
K000140693: Apache HTTP server vulnerability CVE-2024-39573
Security Advisory Description Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. CVE-2024-39573...
K000140602: BIND vulnerability CVE-2024-4076
Security Advisory Description Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1...
K000139430: Linux kernel vulnerability CVE-2024-1086
Security Advisory Description A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can...
K000138649: GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553
Security Advisory Description CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2024-0553 A vulnerability was found in GnuTLS. The response times to...
K000138628: python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752
Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
K000132941: OpenSSL vulnerability CVE-2023-0286
Security Advisory Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as...
K55540723: OpenSSL vulnerability CVE-2015-3196
Security Advisory Description ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and...
K02500249: Linux kernel vulnerability CVE-2013-1059
Security Advisory Description net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...
K49116387: BIND vulnerabilities CVE-2017-3140 and CVE-2017-3141
Security Advisory Description CVE-2017-3140 If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1. An error...
K06323049: BIG-IP IPsec ALG vulnerability CVE-2022-29473
Security Advisory Description When an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-29473 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an unauthenticated...
K80922332: PHP vulnerability CVE-2015-8866
Security Advisory Description ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE...
K04280042: BIG-IP ASM vulnerability CVE-2019-6650
Security Advisory Description F5 BIG-IP ASM may expose sensitive information and allow the system configuration to be modified when using non-default settings. CVE-2019-6650 Impact The vulnerability is only present on multi-bladed systems VIPRION with BIG-IP ASM provisioned, on the following...
K12896623: glibc vulnerability CVE-2018-1000001
Security Advisory Description In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. CVE-2018-1000001 Impact There is no impact; F5 products are not affect...
K53737506: Linux kernel vulnerability CVE-2019-19070
Security Advisory Description DISPUTED A memory leak in the spigpioprobe function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering devmaddactionorreset failures, aka CID-d3b0ffa1d75d. NOTE: third parties...
K15189: Apache Commons FileUpload vulnerability CVE-2014-0050
Security Advisory Description MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's...
K15152: Ruby vulnerability CVE-2013-4164
Security Advisory Description Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is...
K02931614: Multiple dnsmasq vulnerabilities
Security Advisory Description CVE-2020-25681 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid,...
K52868493: libssh vulnerability CVE-2018-10933
Security Advisory Description A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 Impact There is no impact. F5 products...
K14236: OpenSSL vulnerability CVE-2012-2686
Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...
K14909: OpenSSL vulnerability CVE-2013-4248
Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
K05534090: Java vulnerability CVE-2015-4803
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. CVE-2015-4803...
K81081046: PHP vulnerabilities CVE-2016-4537 and CVE-2016-4538
Security Advisory Description CVE-2016-4537 The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other...
K53316849: Java vulnerability CVE-2013-5802
Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality,...
K77535578: Multiple Java SE client-side vulnerabilities
Security Advisory Description CVE-2016-0636 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. CVE-2016-0686 Unspecified vulnerability in Oracle...
K15927: BIND vulnerability CVE-2014-8500
Security Advisory Description ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory consumption and named crash via a large or infinite number of referrals. CVE-2014-8500...
K02230327: BIND vulnerability CVE-2017-3143
Security Advisory Description An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND...
K16124: OpenSSL vulnerability CVE-2015-0206
Security Advisory Description Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch, leading to failure of replay...
K16123: OpenSSL vulnerability CVE-2014-3571
Security Advisory Description OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake...
K98121587: glibc vulnerability CVE-2021-35942
Security Advisory Description The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs...
K55405388: NTP vulnerability CVE-2016-9311
Security Advisory Description ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted packet. CVE-2016-9311 Impact A remote attacker may be able to send a specially crafted packet to cause ...
K15101402: iControl REST vulnerability CVE-2022-1468
Security Advisory Description An authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. CVE-2022-1468 Impact Processing delays to iControl REST requests can occur until the iControl REST daemon is either...
K52171282: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5529
Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowled...
K23454411: DNS profile vulnerability CVE-2022-26372
Security Advisory Description When a DNS listener is configured on a virtual server with DNS queueing default, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-26372 Impact System performance can degrade until the Traffic Management Microkernel TMM process is...
K31616043: Linux kernel vulnerability CVE-2021-28660
Security Advisory Description rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctllinux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -ssid array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/ unfinished work;...